Main Menu

President's message

August 2017

Stepping Up The Value Of Internal Audit
To step up the value proposition of internal audit, Internal Auditors (IA) must keep up with both the internal and external environment that their organisations operate in. It is important for IA to keep up with emerging trends and risks to effectively meet and exceed their stakeholders’ expectations.
Consider the following I-I-A-S points as a constant reminder to stay abreast and value-add to your organisations:
Be Insightful – IA must be in touch with developments not only locally but around the world. Look out for trends and developments that can destabilise your organisation e.g. geopolitical instabilities and emerging technology and threats. Be conscious of unhealthy cultures in the operating environment. 
Be Innovative – Step out of your comfort zone and dare to harness technology to devise new and efficient ways of auditing. Amongst others, IA needs to re-invent itself with emphasis on soft skills, change in mindset and thinking out-of-the-box.
Be Agile – Businesses are affected by change. Innovate ways of partnering your stakeholders and seek their inputs to provide real time assurance. Engage stakeholders continuously to bridge any gaps in expectations and priorities.
Be Strategic-Minded – Understand business strategy, hone your business acumen skills by acquiring industry knowledge. Understand what is important for the growth and sustainability of the business and align internal audit efforts to support business strategies.
Be in touch with IIA Singapore. We work hard and continue to be a professional body that is resolved to support the development of the profession. Our members are recognised as indispensable to their organisations for effective governance, risk management, and control. Our global platform is an excellent conduit for keeping in touch with local and global standards, trends and best practices.
Yours Sincerely
Tan Boon Yen

July 2017

Annual Conference

IIA Singapore will be hosting our Annual Conference at MBS, Sands Expo & Conference Center from 25 to 27 October. Together with Singapore Accountancy Commission (SAC), we are organizing the Global Internal Audit Leadership Summit, themed “Auditing in Cyber Age”.  In the current digital world, with automated business processes and entire value chains being digitally connected as well as changing business models where outsourcing and offshoring are the norm, exposures to cyber security risks are greater than before. Cyber security risks have tops the agenda of senior management and the audit committee and board members.

Back to back with the Summit is the Annual Conference, themed “IA in the Age of Transformation”.  With the dynamic and complex environment aggravated by the advancement of disruptive technologies, to be competitive, organisations need to embark on a transformation journey by reviewing their business strategies, systems and processes. Likewise, IA needs to transform to fortify its position as a value-adding partner and advisor to its organisation.  

The Summit and Conference will bring together both local and international speakers and it is a good opportunity to hear from the invited speakers and panelists that include Audit Committee members, Chief Audit Executives and other thought leaders. We have also invited speakers from Google, Microsoft and SAP. Participants can look forward to topics such as “Audit Committee’s Expectation of CAE in an Uncertain World”, “Building the Brand of IA”, “Future IA in the Transforming World”, “Managing Cyber Security Risk”, “Innovative and Agile Internal Auditing at Google” and “Leveraging Technology in IA”. The detailed program can be viewed at the IIA Singapore website

Yours Sincerely
Tan Boon Yen

June 2017

Managing Outsourcing Risks

In today's business environment, organisations are outsourcing significant parts of their operations for various reasons e.g. for costs and efficiency reasons, for capacity management or to gain access to expertise. Organisations need to be cognizant of the risks of outsourcing which could have extensive impact on their businesses if not adequately managed. In recent years, there have been many incidents relating to outsourced operations that have not only caused major disruptions to businesses but have also resulted in penalties for non-compliance with regulatory requirements and tarnished their well-established reputation. Business processing and information technology outsourcing are increasingly prevalent. The most common and significant outsourcing risks relate to business continuity, confidentiality and security of information and intellectual properties, and compliance with regulatory and legal requirements. Organisations need to establish a governance and risk management framework to adequately mitigate the risks.

Internal auditors need to consider and include the assurance review of outsourced operations in their audit plan. There is a need to assess whether outsource risks have been identified and the severity of risks appropriately assessed by the organisation. The governing framework and organisational roles and responsibilities for managing outsourced risks need to be clearly established. Risk dashboards should be put in place to continuously monitor the management of risks so that there are early warning systems for timely measures to be taken. Important risk mitigating measures would include due diligence of potential and existing service providers, robust contract review and administration procedures, procurement processes and vendor performance management and monitoring procedures. It is necessary to also assess the service providers' regulatory compliance management procedures, their service operation framework and controls and their business continuity and crisis management procedures to ensure prompt recovery of critical business functions in the event of major business or systems disruption.

Yours Sincerely
Tan Boon Yen

May 2017

Were You Prepared For The Ransomware Attack?

The world's biggest-ever computer ransom assault in the month of May has affected more than 190 countries. The indiscriminate attack, which began on Friday, struck banks, hospitals and government agencies, exploiting known vulnerabilities in old Microsoft computer operating systems. According to the cyberattack message, payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted.  

Was your organisation prepared? What is your role as internal auditor with regards to cybersecurity? The IIA’s Global Technology Audit Guide (GTAG) in Sep 2016 is a useful guidance for internal auditors. In addition, “GTAG: Assessing Cybersecurity Risk” describes internal audit’s role in cybersecurity including the CAE’s role relating to assurance, governance, risk, and cyber threats and the assessment of risks and threats. “GTAG: Auditing IT Governance” also provides further guidance for IT governance.

Cybersecurity will continue to top the list of risks for internal auditors, audit committees, senior management and board of directors. Internal auditors play an important role as part of its overall assurance responsibilities, to determine if cybersecurity risks are addressed effectively. In reporting to the audit committee, CAE should keep cybersecurity on the agenda, discuss the level of cyber resilience preparedness with audit committees.  Internal auditors should also take a multi-prong approach i.e. from auditing people and culture on cybersecurity awareness and discipline, to risk management systems, policies and procedures and incident management framework. It is important for internal auditors to also share their insights in these areas with management and the Board.

Yours Sincerely
Tan Boon Yen

April 2017

Public Sector Internal Audit Conference 2017

The theme of our Public Sector Internal Audit (IA) Conference last week (April 20th & 21st) reflects the importance of internal auditors to be future-ready. It was another fruitful conference, thanks to the esteemed thought leaders and practitioners, for their insightful sharing and updates on current trends and developments as well as leading practices. The IA function of DBS Bank of Singapore shared an amazing IA transformation journey, leveraging on technology, harnessing data and working proactively with stakeholders to achieve audit effectiveness and effectiveness.  In my view, it is a world class IA function.

Beyond continuous and predictive auditing, participants heard about agile auditing. It is possible for the 1st, 2nd and 3rd lines of defense to work seamlessly to provide combined assurance to organizational stakeholders. Nevertheless, I would like to point out that this does not mean that IA’s role, as the 3rd line of defense, is no longer relevant. This position should not change as stakeholders rely on IA for independent and objective assurance.

In the current digital age with technology disruptions & innovations and data analytics, opportunities instead of challenges, are abound for IA to add and create value. Aptly put by one of our speakers - "It is a unique moment for IA to take leadership, facilitate new growth while maintaining compliance and building trust in the digital future."

May 1st is the start of International IA Awareness month where IIA Institutes and IA functions around the world, plan and organize activities to promote the value of internal auditing to their stakeholders. Look out for our May IA Awareness Month activities and we strongly encourage you together with members of your organization to participate in the activities organized by IIA Singapore. 

Yours Sincerely
Tan Boon Yen

March 2017

Poised For The Future

Singapore’s Committee of Future Economy (CFE) Report has identified seven strategies to achieve the vision to be the pioneers of the next generation. The strategies “acquire and utilize deep skills” and “build strong digital capabilities” resonate well with the transformation journey of the internal audit profession.  

As Singapore enters a new phase of development, the journey is challenging. An area that Singapore must position itself is by “developing deep digital capabilities”. With technology and digitalisation transforming many businesses, internal auditors need to acquire and develop strong capabilities in digital technologies, in particular, data analytics. Data is an asset that should be harnessed to transform audit quality and raise productivity. Cyber security is key as organisations are exposed to cyber threats with increasing reliance on mobile and cloud computing, internet and social media.  Internal auditors need to be equipped to provide assurance to stakeholders on cyber security risks and controls.

To continue to serve stakeholders well, internal auditors must continue to acquire and develop new skills, strive for agility and equip themselves for the future. Internal audit work will be challenging, interesting and impactful if we focus well on what is ahead for the business. The 10 core principles of IIA’s International Professional Practices Framework (IPPF) 2015 include a very relevant core principle - IA must be “insightful, proactive and future-focused” to be effective.  

One aspect that will not change for internal auditors is to build a firm foundation with relevant certifications and continuing professional development. At this point, I would like to congratulate our young professional, Ms. Fiona Tan Yan Wen, a member of IIA Singapore who has received the William S. Smith Award, a Certificate of Honour for achieving the highest score in the recent CIA exam. Well done! 

Yours Sincerely
Tan Boon Yen

February 2017

Rising to The Challenges of The Future

Prof Foo See Liang of Singapore Management University (SMU) facilitated an interesting forum at the SMU-X IA Elective class last week. IIA has supported the elective program for students since 2013. The IA Forum for this semester comprises a panel of Heads of IA who spoke on the topic “Disruptive Technology”.

The panelists shared on how digitisation, cloud computing, artificial intelligence, data analytics, internet of things have impacted their businesses. The changes are rapid. Some jobs are made redundant with processes being made obsolete as human interventions are reduced and eliminated. There are increased vulnerabilities in the digital space.

What does it mean for IA? In general, the panel expressed that an effective internal audit team must have an understanding of technology and continuously train and upskill themselves.

Being competent in data analytics is important as data is changing the face of the world. Insights can be generated by processing and interpreting data that will allow IA to value add to their stakeholders. At the same time, technology is a plus to internal audit, making it possible for IA to work faster and achieve better and more extensive coverage. The panel expressed a common sentiment is that it is critical for IA to work closely with the 1st and 2nd lines of defense. With a collaborative approach, IA can be much more effective than working in isolation.

The challenge of disruptive technology is very real. IIA Singapore is organising the Public Sector Internal Audit Conference on 20-21 April 2017 with the theme “Rising to the Challenges of the Future”. The conference program will cover the topic of disruptive technologies and how IA can rise to the challenges. Do save the date to attend the conference and it will be a valuable opportunity to hear from our speakers and panellists.

Yours Sincerely
Tan Boon Yen

January 2017

Start of A Brand New Year

Happy New Year! I hope everyone has had a wonderful break and are fully re-charged for a brand new year. It is exciting times ahead for internal auditing as we take on new roles and continually adapt to the changing world and environment. 

Let us continue to develop and invest in ourselves through learning and development, professional certification and qualification, networking and relationship building at the different platforms. The Institute of Internal Auditors (IIA) Singapore looks forward to engaging members of the internal audit (IA) profession and encouraging them to actively participate in committees, education, advocacy and many other activities that helps advance the profession to greater heights. Volunteering and contributing in these platforms are not only enriching but provides valuable development opportunities on a personal level as well. 

IIA Singapore has launched a brand new "Learn at Lunch" series, commencing January 2017 (scheduled every 2nd Thursday/Friday of the month). We welcome all to participate and the series is specially planned to bring in experts/practitioners to share new and emerging trends/topics impacting the profession. 

Just to also note the new International Standards for the Professional Practice of Internal Auditing (Standards) that takes effect from January 1, 2017. The revised Standards include two new Standards, the alignment of the Standards to the Core Principles and some updates to existing Standards. The new Standards (1112 and 1130) addresses the reality that increasingly, CAEs are expected to take on risk management, compliance or other roles beyond internal auditing. Such roles may impair or appear to impair the orgniasational independence of the IA acticity or the individual objectivity of the internal auditor. It is important to maintain safeguards for such activities. 

It is also time to wish all good health, happiness and great fortune in the year of the Rooster! 

Yours Sincerely
Tan Boon Yen

December 2016

2017 and IA’s Transformation Journey
My best wishes and sincere thanks to our members, collaborating institutes and partners for their support as we conclude an eventful 2016 and shift our momentum into the new year.
Although the general economic outlook and business environment is not optimistic, it will not be all gloom and doom for businesses as there will be opportunities amidst challenges. Businesses have entered the age of disruption and need to review and adapt their business strategies to remain relevant. 
The Internal Audit (IA) profession is also undergoing a transformation journey. While the emerging risks landscape presents internal auditors with a more complex task, it also presents unprecedented opportunities. Internal auditors are uniquely positioned to play a role in contributing to the success of their organizations and IA’s insights can be an engine for innovation and business improvement. IA professionals need to acquire new skills, explore new opportunities and exercise creativity in ways that create value for their organization. IA functions must fully evaluate their staff's capabilities and take steps to fill the gaps between current skills and the skills required to respond to growth.
IIA Singapore will continue to promote internal audit excellence and provide platforms to nurture the development of IA professionals, drive thought leadership and promote sharing of knowledge. Incidentally, the institute will be launching a Mentorship programme with the Singapore Accountancy Commission in 2017 for aspiring Chief Audit Executives. The main objective of the mentorship programme is to connect aspiring CAEs with a more experienced Mentor whose knowledge, guidance and expertise will enable and support the Mentee in his/her journey to grow professionally. 
We look forward to an exciting year ahead working towards greater progress with the IA profession and creating the value in our organisations.
Wishing all a blessed Christmas and New Year ahead!
Yours Sincerely
Tan Boon Yen

November 2016

Managing Stakeholders’ Expectations
In today’s environment, organisations seek value from internal audit (IA) functions and expect more than an assurance report on internal controls. 
At the IIA Singapore’s Global IA Leadership Summit and the Asian Confederation of Institutes of Internal Auditors (ACIIA) Conference last week (16-18 November), there were many useful insights from speakers, panelists, IA practitioners and IA stakeholders who participated in the conference. Just to summarise 4 key takeaways relating to managing stakeholders’ expectations, with words that start with “C”:
“Collaborate” – Building collaborative relationships with stakeholders is important and relationship acumen is a key attribute for IA leaders. To quote Richard Chambers in his book “Lessons Learned on the Audit Trail” - “A confident and courageous CAE who spends time building relationships can negotiate a middle ground that meets the goals of both board and management in the long run”
“Communicate” - Communicate and provide insights and advice to stakeholders in areas that resonate with their concerns and build trust. Engage stakeholders continuously to bridge any gaps in expectations and priorities. Frequent face-to-face meetings and discussions are important. Not just written communication.
“Customers” – The IIA Research Foundation and Protiviti has published a Stakeholder Survey “Voice of the Customer” in July 2016. It contains recommendations from stakeholders on best practices that internal auditors should consider in their quest to continually improve performance and bring value to their organizations.
“Change” – IA must keep up with change. Feel the pulse of the organisation and its internal and external environment. Focus on high impact areas. Leverage on technology to devise new and efficient ways of auditing.
Other important “C”s are courage, conviction, continuous monitoring, culture, critical thinking, cyber security, connecting the dots, coordination, competencies and the list goes on….
Yours Sincerely
Tan Boon Yen