Menu

President's Message

October 2017 - IA In the Age of Transformation
Last week, IIA Singapore hosted the Global Internal Audit Leadership Summit and Annual Conference. Speakers and panellists from diverse business sectors and various stakeholder groups converged to share their insights of auditing in the cyber age and how internal audit (IA) can stay ahead of the curve in the age of transformation. 
 
Just to share a few key points in my opening remarks at the Summit and the Conference.
 
With the current technologies, disruptions and risks landscape, IA needs to evaluate governance, risk management and internal controls holistically and audit at the speed of risks. IA needs to be agile to continually reinvent itself and continuously learn and deepen knowledge and competencies to remain relevant and effective.
 
IA needs to work closely with organisations to bridge the cyber readiness gap with the clear and present dangers from data breaches, the Internet-of-Things, among others. Having good insights of the business and the organisation as a whole, internal auditors are well-positioned to be influencers of positive business outcomes with their assurance and advisory roles to their organisations to proactively manage the risks. 
 
With technology and big-data, the three lines of defence within an organisation can collaborate and derive synergies from embedding robust continuous and predictive monitoring systems throughout the organisation for real time assurance and effective risk management and controls. However, this does not mean that IA’s position, as the 3rd line of defence is no longer relevant. IA’s position in providing independent and objective assurance to the Board and other stakeholders such as the regulators, does not change.  
 
The conference ended with many useful insights, knowledge and leading practices that I am sure, will inspire everyone in their journey to stay ahead of the curve and be trusted advisors to their organisations.
 
Tan Boon Yen, CIA, CRMA
President
The Institute of Internal Auditors Singapore

 

September 2017 - Auditing in the Cyber Age
Disruptive technologies are a reality of the current business environment. In addition to affecting how business is done, the “Internet of things” and the pervasive use of mobile devices further expose organisations to cybersecurity threats. 
 
Boards and stakeholders are demanding greater assurance that preventive and detective controls established to mitigate cybersecurity risks are adequate and effective. Internal Auditors need to be better aligned with strategies and objectives of the organisation and address both existing and emerging risks associated with it. To achieve this, they need to deepen their knowledge of the business, adopt a strategic mindset and sharpen their leadership and people skills to build an effective relationship with the stakeholders. For example, when a big data audit programme is implemented, Internal Audit (IA) should engage the organisation’s CIO and key leaders to understand the risks in terms of data collection, storage, analysis, security and privacy. By doing this, IA obtains assurance that the big data’s objective of providing critical intelligence is aligned with the enterprise-wide business strategy. 
 
The fast-paced digital world opens up opportunities for the IA profession. IA has to move towards the use of audit automation tools to transform auditing and improve audit effectiveness. For example, the use of data analytics tool provides insights to improve decision-making and it also decodes certain underlying trends or anomalies that could be an indicator of more pervasive problems. 
 
Our Global Internal Audit Leadership Summit and Annual Conference will be held from 25 to 27 October 2017. Learn from distinguished speakers, Audit Committee members, Chief Audit Executives, and ask yourself if you can stand up against “The Cyber Resilience Challenge”? How do you tackle “Auditing Big Data”?  Here’s also where you will find out more about ‘Innovative and Agile Internal Auditing at Google”. 
 
Early bird registration closes on 22 September. Register now.
 
Tan Boon Yen, CIA, CRMA
President
The Institute of Internal Auditors Singapore
August 2017 - Stepping Up The Value Of Internal Audit
To step up the value proposition of internal audit, Internal Auditors (IA) must keep up with both the internal and external environment that their organisations operate in. It is important for IA to keep up with emerging trends and risks to effectively meet and exceed their stakeholders’ expectations.
 
Consider the following I-I-A-S points as a constant reminder to stay abreast and value-add to your organisations:
 
Be Insightful – IA must be in touch with developments not only locally but around the world. Look out for trends and developments that can destabilise your organisation e.g. geopolitical instabilities and emerging technology and threats. Be conscious of unhealthy cultures in the operating environment. 
 
Be Innovative – Step out of your comfort zone and dare to harness technology to devise new and efficient ways of auditing. Amongst others, IA needs to re-invent itself with emphasis on soft skills, change in mindset and thinking out-of-the-box.
 
Be Agile – Businesses are affected by change. Innovate ways of partnering your stakeholders and seek their inputs to provide real time assurance. Engage stakeholders continuously to bridge any gaps in expectations and priorities.
 
Be Strategic-Minded – Understand business strategy, hone your business acumen skills by acquiring industry knowledge. Understand what is important for the growth and sustainability of the business and align internal audit efforts to support business strategies.
 
Be in touch with IIA Singapore. We work hard and continue to be a professional body that is resolved to support the development of the profession. Our members are recognised as indispensable to their organisations for effective governance, risk management, and control. Our global platform is an excellent conduit for keeping in touch with local and global standards, trends and best practices.
 
Yours Sincerely
Tan Boon Yen
President
July 2017 - Annual Conference

IIA Singapore will be hosting our Annual Conference at MBS, Sands Expo & Conference Center from 25 to 27 October. Together with Singapore Accountancy Commission (SAC), we are organizing the Global Internal Audit Leadership Summit, themed “Auditing in Cyber Age”.  In the current digital world, with automated business processes and entire value chains being digitally connected as well as changing business models where outsourcing and offshoring are the norm, exposures to cyber security risks are greater than before. Cyber security risks have tops the agenda of senior management and the audit committee and board members.

Back to back with the Summit is the Annual Conference, themed “IA in the Age of Transformation”.  With the dynamic and complex environment aggravated by the advancement of disruptive technologies, to be competitive, organisations need to embark on a transformation journey by reviewing their business strategies, systems and processes. Likewise, IA needs to transform to fortify its position as a value-adding partner and advisor to its organisation.  

The Summit and Conference will bring together both local and international speakers and it is a good opportunity to hear from the invited speakers and panelists that include Audit Committee members, Chief Audit Executives and other thought leaders. We have also invited speakers from Google, Microsoft and SAP. Participants can look forward to topics such as “Audit Committee’s Expectation of CAE in an Uncertain World”, “Building the Brand of IA”, “Future IA in the Transforming World”, “Managing Cyber Security Risk”, “Innovative and Agile Internal Auditing at Google” and “Leveraging Technology in IA”. The detailed program can be viewed at the IIA Singapore website

Yours Sincerely
Tan Boon Yen
President
June 2017 - Managing Outsourcing Risks

In today's business environment, organisations are outsourcing significant parts of their operations for various reasons e.g. for costs and efficiency reasons, for capacity management or to gain access to expertise. Organisations need to be cognizant of the risks of outsourcing which could have extensive impact on their businesses if not adequately managed. In recent years, there have been many incidents relating to outsourced operations that have not only caused major disruptions to businesses but have also resulted in penalties for non-compliance with regulatory requirements and tarnished their well-established reputation. Business processing and information technology outsourcing are increasingly prevalent. The most common and significant outsourcing risks relate to business continuity, confidentiality and security of information and intellectual properties, and compliance with regulatory and legal requirements. Organisations need to establish a governance and risk management framework to adequately mitigate the risks.

Internal auditors need to consider and include the assurance review of outsourced operations in their audit plan. There is a need to assess whether outsource risks have been identified and the severity of risks appropriately assessed by the organisation. The governing framework and organisational roles and responsibilities for managing outsourced risks need to be clearly established. Risk dashboards should be put in place to continuously monitor the management of risks so that there are early warning systems for timely measures to be taken. Important risk mitigating measures would include due diligence of potential and existing service providers, robust contract review and administration procedures, procurement processes and vendor performance management and monitoring procedures. It is necessary to also assess the service providers' regulatory compliance management procedures, their service operation framework and controls and their business continuity and crisis management procedures to ensure prompt recovery of critical business functions in the event of major business or systems disruption.

Yours Sincerely
Tan Boon Yen
President

Pages

Lessons from the Singhealth Cyberattack
 
Click here to download in PDF.