President's message

IA In the Age of Transformation

Last week, IIA Singapore hosted the Global Internal Audit Leadership Summit and Annual Conference. Speakers and panellists from diverse business sectors and various stakeholder groups converged to share their insights of auditing in the cyber age and how internal audit (IA) can stay ahead of the curve in the age of transformation. 

 

Just to share a few key points in my opening remarks at the Summit and the Conference.

 

With the current technologies, disruptions and risks landscape, IA needs to evaluate governance, risk management and internal controls holistically and audit at the speed of risks. IA needs to be agile to continually reinvent itself and continuously learn and deepen knowledge and competencies to remain relevant and effective.

 

IA needs to work closely with organisations to bridge the cyber readiness gap with the clear and present dangers from data breaches, the Internet-of-Things, among others. Having good insights of the business and the organisation as a whole, internal auditors are well-positioned to be influencers of positive business outcomes with their assurance and advisory roles to their organisations to proactively manage the risks. 

 

With technology and big-data, the three lines of defence within an organisation can collaborate and derive synergies from embedding robust continuous and predictive monitoring systems throughout the organisation for real time assurance and effective risk management and controls. However, this does not mean that IA’s position, as the 3rd line of defence is no longer relevant. IA’s position in providing independent and objective assurance to the Board and other stakeholders such as the regulators, does not change.  

 

The conference ended with many useful insights, knowledge and leading practices that I am sure, will inspire everyone in their journey to stay ahead of the curve and be trusted advisors to their organisations.

 

Tan Boon Yen, CIA, CRMA

President

The Institute of Internal Auditors Singapore

Auditing in the Cyber Age

Disruptive technologies are a reality of the current business environment. In addition to affecting how business is done, the “Internet of things” and the pervasive use of mobile devices further expose organisations to cybersecurity threats. 

 

Boards and stakeholders are demanding greater assurance that preventive and detective controls established to mitigate cybersecurity risks are adequate and effective. Internal Auditors need to be better aligned with strategies and objectives of the organisation and address both existing and emerging risks associated with it. To achieve this, they need to deepen their knowledge of the business, adopt a strategic mindset and sharpen their leadership and people skills to build an effective relationship with the stakeholders. For example, when a big data audit programme is implemented, Internal Audit (IA) should engage the organisation’s CIO and key leaders to understand the risks in terms of data collection, storage, analysis, security and privacy. By doing this, IA obtains assurance that the big data’s objective of providing critical intelligence is aligned with the enterprise-wide business strategy. 

 

The fast-paced digital world opens up opportunities for the IA profession. IA has to move towards the use of audit automation tools to transform auditing and improve audit effectiveness. For example, the use of data analytics tool provides insights to improve decision-making and it also decodes certain underlying trends or anomalies that could be an indicator of more pervasive problems. 

 

Our Global Internal Audit Leadership Summit and Annual Conference will be held from 25 to 27 October 2017. Learn from distinguished speakers, Audit Committee members, Chief Audit Executives, and ask yourself if you can stand up against “The Cyber Resilience Challenge”? How do you tackle “Auditing Big Data”?  Here’s also where you will find out more about ‘Innovative and Agile Internal Auditing at Google”. 

 

Early bird registration closes on 22 September. Register now.

 

Tan Boon Yen, CIA, CRMA

President

The Institute of Internal Auditors Singapore

Stepping Up The Value Of Internal Audit

To step up the value proposition of internal audit, Internal Auditors (IA) must keep up with both the internal and external environment that their organisations operate in. It is important for IA to keep up with emerging trends and risks to effectively meet and exceed their stakeholders’ expectations.

 

Consider the following I-I-A-S points as a constant reminder to stay abreast and value-add to your organisations:

 

Be Insightful – IA must be in touch with developments not only locally but around the world. Look out for trends and developments that can destabilise your organisation e.g. geopolitical instabilities and emerging technology and threats. Be conscious of unhealthy cultures in the operating environment. 

 

Be Innovative – Step out of your comfort zone and dare to harness technology to devise new and efficient ways of auditing. Amongst others, IA needs to re-invent itself with emphasis on soft skills, change in mindset and thinking out-of-the-box.

 

Be Agile – Businesses are affected by change. Innovate ways of partnering your stakeholders and seek their inputs to provide real time assurance. Engage stakeholders continuously to bridge any gaps in expectations and priorities.

 

Be Strategic-Minded – Understand business strategy, hone your business acumen skills by acquiring industry knowledge. Understand what is important for the growth and sustainability of the business and align internal audit efforts to support business strategies.

 

Be in touch with IIA Singapore. We work hard and continue to be a professional body that is resolved to support the development of the profession. Our members are recognised as indispensable to their organisations for effective governance, risk management, and control. Our global platform is an excellent conduit for keeping in touch with local and global standards, trends and best practices.

 

Yours Sincerely
Tan Boon Yen

President

Annual Conference

IIA Singapore will be hosting our Annual Conference at MBS, Sands Expo & Conference Center from 25 to 27 October. Together with Singapore Accountancy Commission (SAC), we are organizing the Global Internal Audit Leadership Summit, themed “Auditing in Cyber Age”.  In the current digital world, with automated business processes and entire value chains being digitally connected as well as changing business models where outsourcing and offshoring are the norm, exposures to cyber security risks are greater than before. Cyber security risks have tops the agenda of senior management and the audit committee and board members.

Back to back with the Summit is the Annual Conference, themed “IA in the Age of Transformation”.  With the dynamic and complex environment aggravated by the advancement of disruptive technologies, to be competitive, organisations need to embark on a transformation journey by reviewing their business strategies, systems and processes. Likewise, IA needs to transform to fortify its position as a value-adding partner and advisor to its organisation.  

The Summit and Conference will bring together both local and international speakers and it is a good opportunity to hear from the invited speakers and panelists that include Audit Committee members, Chief Audit Executives and other thought leaders. We have also invited speakers from Google, Microsoft and SAP. Participants can look forward to topics such as “Audit Committee’s Expectation of CAE in an Uncertain World”, “Building the Brand of IA”, “Future IA in the Transforming World”, “Managing Cyber Security Risk”, “Innovative and Agile Internal Auditing at Google” and “Leveraging Technology in IA”. The detailed program can be viewed at the IIA Singapore website

Yours Sincerely

Tan Boon Yen

President

Managing Outsourcing Risks

In today's business environment, organisations are outsourcing significant parts of their operations for various reasons e.g. for costs and efficiency reasons, for capacity management or to gain access to expertise. Organisations need to be cognizant of the risks of outsourcing which could have extensive impact on their businesses if not adequately managed. In recent years, there have been many incidents relating to outsourced operations that have not only caused major disruptions to businesses but have also resulted in penalties for non-compliance with regulatory requirements and tarnished their well-established reputation. Business processing and information technology outsourcing are increasingly prevalent. The most common and significant outsourcing risks relate to business continuity, confidentiality and security of information and intellectual properties, and compliance with regulatory and legal requirements. Organisations need to establish a governance and risk management framework to adequately mitigate the risks.

Internal auditors need to consider and include the assurance review of outsourced operations in their audit plan. There is a need to assess whether outsource risks have been identified and the severity of risks appropriately assessed by the organisation. The governing framework and organisational roles and responsibilities for managing outsourced risks need to be clearly established. Risk dashboards should be put in place to continuously monitor the management of risks so that there are early warning systems for timely measures to be taken. Important risk mitigating measures would include due diligence of potential and existing service providers, robust contract review and administration procedures, procurement processes and vendor performance management and monitoring procedures. It is necessary to also assess the service providers' regulatory compliance management procedures, their service operation framework and controls and their business continuity and crisis management procedures to ensure prompt recovery of critical business functions in the event of major business or systems disruption.

Yours Sincerely

Tan Boon Yen

President

Were You Prepared For The Ransomware Attack?

The world's biggest-ever computer ransom assault in the month of May has affected more than 190 countries. The indiscriminate attack, which began on Friday, struck banks, hospitals and government agencies, exploiting known vulnerabilities in old Microsoft computer operating systems. According to the cyberattack message, payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted.  

Was your organisation prepared? What is your role as internal auditor with regards to cybersecurity? The IIA’s Global Technology Audit Guide (GTAG) in Sep 2016 is a useful guidance for internal auditors. In addition, “GTAG: Assessing Cybersecurity Risk” describes internal audit’s role in cybersecurity including the CAE’s role relating to assurance, governance, risk, and cyber threats and the assessment of risks and threats. “GTAG: Auditing IT Governance” also provides further guidance for IT governance.

Cybersecurity will continue to top the list of risks for internal auditors, audit committees, senior management and board of directors. Internal auditors play an important role as part of its overall assurance responsibilities, to determine if cybersecurity risks are addressed effectively. In reporting to the audit committee, CAE should keep cybersecurity on the agenda, discuss the level of cyber resilience preparedness with audit committees.  Internal auditors should also take a multi-prong approach i.e. from auditing people and culture on cybersecurity awareness and discipline, to risk management systems, policies and procedures and incident management framework. It is important for internal auditors to also share their insights in these areas with management and the Board.

Yours Sincerely

Tan Boon Yen

President

Public Sector Internal Audit Conference 2017

The theme of our Public Sector Internal Audit (IA) Conference last week (April 20th & 21st) reflects the importance of internal auditors to be future-ready. It was another fruitful conference, thanks to the esteemed thought leaders and practitioners, for their insightful sharing and updates on current trends and developments as well as leading practices. The IA function of DBS Bank of Singapore shared an amazing IA transformation journey, leveraging on technology, harnessing data and working proactively with stakeholders to achieve audit effectiveness and effectiveness.  In my view, it is a world class IA function.

Beyond continuous and predictive auditing, participants heard about agile auditing. It is possible for the 1st, 2nd and 3rd lines of defense to work seamlessly to provide combined assurance to organizational stakeholders. Nevertheless, I would like to point out that this does not mean that IA’s role, as the 3rd line of defense, is no longer relevant. This position should not change as stakeholders rely on IA for independent and objective assurance.

In the current digital age with technology disruptions & innovations and data analytics, opportunities instead of challenges, are abound for IA to add and create value. Aptly put by one of our speakers - "It is a unique moment for IA to take leadership, facilitate new growth while maintaining compliance and building trust in the digital future."

May 1st is the start of International IA Awareness month where IIA Institutes and IA functions around the world, plan and organize activities to promote the value of internal auditing to their stakeholders. Look out for our May IA Awareness Month activities and we strongly encourage you together with members of your organization to participate in the activities organized by IIA Singapore. 

Yours Sincerely

Tan Boon Yen

President

Poised For The Future
Singapore’s Committee of Future Economy (CFE) Report has identified seven strategies to achieve the vision to be the pioneers of the next generation. The strategies “acquire and utilize deep skills” and “build strong digital capabilities” resonate well with the transformation journey of the internal audit profession. As Singapore enters a new phase of development, the journey is challenging. An area that Singapore must position itself is by “developing deep digital capabilities”. With technology and digitalisation transforming many businesses, internal auditors need to acquire and develop strong capabilities in digital technologies, in particular, data analytics. Data is an asset that should be harnessed to transform audit quality and raise productivity. Cyber security is key as organisations are exposed to cyber threats with increasing reliance on mobile and cloud computing, internet and social media. Internal auditors need to be equipped to provide assurance to stakeholders on cyber security risks and controls. To continue to serve stakeholders well, internal auditors must continue to acquire and develop new skills, strive for agility and equip themselves for the future. Internal audit work will be challenging, interesting and impactful if we focus well on what is ahead for the business. The 10 core principles of IIA’s International Professional Practices Framework (IPPF) 2015 include a very relevant core principle - IA must be “insightful, proactive and future-focused” to be effective. One aspect that will not change for internal auditors is to build a firm foundation with relevant certifications and continuing professional development. At this point, I would like to congratulate our young professional, Ms. Fiona Tan Yan Wen, a member of IIA Singapore who has received the William S. Smith Award, a Certificate of Honour for achieving the highest score in the recent CIA exam. Well done! Yours Sincerely Tan Boon Yen President

Rising to The Challenges of The Future

Prof Foo See Liang of Singapore Management University (SMU) facilitated an interesting forum at the SMU-X IA Elective class last week. IIA has supported the elective program for students since 2013. The IA Forum for this semester comprises a panel of Heads of IA who spoke on the topic “Disruptive Technology”.

The panelists shared on how digitisation, cloud computing, artificial intelligence, data analytics, internet of things have impacted their businesses. The changes are rapid. Some jobs are made redundant with processes being made obsolete as human interventions are reduced and eliminated. There are increased vulnerabilities in the digital space.

What does it mean for IA? In general, the panel expressed that an effective internal audit team must have an understanding of technology and continuously train and upskill themselves.

Being competent in data analytics is important as data is changing the face of the world. Insights can be generated by processing and interpreting data that will allow IA to value add to their stakeholders. At the same time, technology is a plus to internal audit, making it possible for IA to work faster and achieve better and more extensive coverage. The panel expressed a common sentiment is that it is critical for IA to work closely with the 1st and 2nd lines of defense. With a collaborative approach, IA can be much more effective than working in isolation.

The challenge of disruptive technology is very real. IIA Singapore is organising the Public Sector Internal Audit Conference on 20-21 April 2017 with the theme “Rising to the Challenges of the Future”. The conference program will cover the topic of disruptive technologies and how IA can rise to the challenges. Do save the date to attend the conference and it will be a valuable opportunity to hear from our speakers and panellists.

Yours Sincerely

Tan Boon Yen

President

Start of A Brand New Year

Happy New Year! I hope everyone has had a wonderful break and are fully re-charged for a brand new year. It is exciting times ahead for internal auditing as we take on new roles and continually adapt to the changing world and environment. 

Let us continue to develop and invest in ourselves through learning and development, professional certification and qualification, networking and relationship building at the different platforms. The Institute of Internal Auditors (IIA) Singapore looks forward to engaging members of the internal audit (IA) profession and encouraging them to actively participate in committees, education, advocacy and many other activities that helps advance the profession to greater heights. Volunteering and contributing in these platforms are not only enriching but provides valuable development opportunities on a personal level as well. 

IIA Singapore has launched a brand new "Learn at Lunch" series, commencing January 2017 (scheduled every 2nd Thursday/Friday of the month). We welcome all to participate and the series is specially planned to bring in experts/practitioners to share new and emerging trends/topics impacting the profession. 

Just to also note the new International Standards for the Professional Practice of Internal Auditing (Standards) that takes effect from January 1, 2017. The revised Standards include two new Standards, the alignment of the Standards to the Core Principles and some updates to existing Standards. The new Standards (1112 and 1130) addresses the reality that increasingly, CAEs are expected to take on risk management, compliance or other roles beyond internal auditing. Such roles may impair or appear to impair the orgniasational independence of the IA acticity or the individual objectivity of the internal auditor. It is important to maintain safeguards for such activities. 

It is also time to wish all good health, happiness and great fortune in the year of the Rooster! 

Yours Sincerely

Tan Boon Yen

President