Menu

Main Menu

President's message

June 2017

Managing Outsourcing Risks

In today's business environment, organisations are outsourcing significant parts of their operations for various reasons e.g. for costs and efficiency reasons, for capacity management or to gain access to expertise. Organisations need to be cognizant of the risks of outsourcing which could have extensive impact on their businesses if not adequately managed. In recent years, there have been many incidents relating to outsourced operations that have not only caused major disruptions to businesses but have also resulted in penalties for non-compliance with regulatory requirements and tarnished their well-established reputation. Business processing and information technology outsourcing are increasingly prevalent. The most common and significant outsourcing risks relate to business continuity, confidentiality and security of information and intellectual properties, and compliance with regulatory and legal requirements. Organisations need to establish a governance and risk management framework to adequately mitigate the risks.

Internal auditors need to consider and include the assurance review of outsourced operations in their audit plan. There is a need to assess whether outsource risks have been identified and the severity of risks appropriately assessed by the organisation. The governing framework and organisational roles and responsibilities for managing outsourced risks need to be clearly established. Risk dashboards should be put in place to continuously monitor the management of risks so that there are early warning systems for timely measures to be taken. Important risk mitigating measures would include due diligence of potential and existing service providers, robust contract review and administration procedures, procurement processes and vendor performance management and monitoring procedures. It is necessary to also assess the service providers' regulatory compliance management procedures, their service operation framework and controls and their business continuity and crisis management procedures to ensure prompt recovery of critical business functions in the event of major business or systems disruption.

Yours Sincerely
Tan Boon Yen
President

May 2017

Were You Prepared For The Ransomware Attack?

The world's biggest-ever computer ransom assault in the month of May has affected more than 190 countries. The indiscriminate attack, which began on Friday, struck banks, hospitals and government agencies, exploiting known vulnerabilities in old Microsoft computer operating systems. According to the cyberattack message, payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted.  

Was your organisation prepared? What is your role as internal auditor with regards to cybersecurity? The IIA’s Global Technology Audit Guide (GTAG) in Sep 2016 is a useful guidance for internal auditors. In addition, “GTAG: Assessing Cybersecurity Risk” describes internal audit’s role in cybersecurity including the CAE’s role relating to assurance, governance, risk, and cyber threats and the assessment of risks and threats. “GTAG: Auditing IT Governance” also provides further guidance for IT governance.

Cybersecurity will continue to top the list of risks for internal auditors, audit committees, senior management and board of directors. Internal auditors play an important role as part of its overall assurance responsibilities, to determine if cybersecurity risks are addressed effectively. In reporting to the audit committee, CAE should keep cybersecurity on the agenda, discuss the level of cyber resilience preparedness with audit committees.  Internal auditors should also take a multi-prong approach i.e. from auditing people and culture on cybersecurity awareness and discipline, to risk management systems, policies and procedures and incident management framework. It is important for internal auditors to also share their insights in these areas with management and the Board.

Yours Sincerely
Tan Boon Yen
President

April 2017

Public Sector Internal Audit Conference 2017

The theme of our Public Sector Internal Audit (IA) Conference last week (April 20th & 21st) reflects the importance of internal auditors to be future-ready. It was another fruitful conference, thanks to the esteemed thought leaders and practitioners, for their insightful sharing and updates on current trends and developments as well as leading practices. The IA function of DBS Bank of Singapore shared an amazing IA transformation journey, leveraging on technology, harnessing data and working proactively with stakeholders to achieve audit effectiveness and effectiveness.  In my view, it is a world class IA function.

Beyond continuous and predictive auditing, participants heard about agile auditing. It is possible for the 1st, 2nd and 3rd lines of defense to work seamlessly to provide combined assurance to organizational stakeholders. Nevertheless, I would like to point out that this does not mean that IA’s role, as the 3rd line of defense, is no longer relevant. This position should not change as stakeholders rely on IA for independent and objective assurance.

In the current digital age with technology disruptions & innovations and data analytics, opportunities instead of challenges, are abound for IA to add and create value. Aptly put by one of our speakers - "It is a unique moment for IA to take leadership, facilitate new growth while maintaining compliance and building trust in the digital future."

May 1st is the start of International IA Awareness month where IIA Institutes and IA functions around the world, plan and organize activities to promote the value of internal auditing to their stakeholders. Look out for our May IA Awareness Month activities and we strongly encourage you together with members of your organization to participate in the activities organized by IIA Singapore. 

Yours Sincerely
Tan Boon Yen
President

March 2017

Poised For The Future

Singapore’s Committee of Future Economy (CFE) Report has identified seven strategies to achieve the vision to be the pioneers of the next generation. The strategies “acquire and utilize deep skills” and “build strong digital capabilities” resonate well with the transformation journey of the internal audit profession.  

As Singapore enters a new phase of development, the journey is challenging. An area that Singapore must position itself is by “developing deep digital capabilities”. With technology and digitalisation transforming many businesses, internal auditors need to acquire and develop strong capabilities in digital technologies, in particular, data analytics. Data is an asset that should be harnessed to transform audit quality and raise productivity. Cyber security is key as organisations are exposed to cyber threats with increasing reliance on mobile and cloud computing, internet and social media.  Internal auditors need to be equipped to provide assurance to stakeholders on cyber security risks and controls.

To continue to serve stakeholders well, internal auditors must continue to acquire and develop new skills, strive for agility and equip themselves for the future. Internal audit work will be challenging, interesting and impactful if we focus well on what is ahead for the business. The 10 core principles of IIA’s International Professional Practices Framework (IPPF) 2015 include a very relevant core principle - IA must be “insightful, proactive and future-focused” to be effective.  

One aspect that will not change for internal auditors is to build a firm foundation with relevant certifications and continuing professional development. At this point, I would like to congratulate our young professional, Ms. Fiona Tan Yan Wen, a member of IIA Singapore who has received the William S. Smith Award, a Certificate of Honour for achieving the highest score in the recent CIA exam. Well done! 

Yours Sincerely
Tan Boon Yen
President

February 2017

Rising to The Challenges of The Future

Prof Foo See Liang of Singapore Management University (SMU) facilitated an interesting forum at the SMU-X IA Elective class last week. IIA has supported the elective program for students since 2013. The IA Forum for this semester comprises a panel of Heads of IA who spoke on the topic “Disruptive Technology”.

The panelists shared on how digitisation, cloud computing, artificial intelligence, data analytics, internet of things have impacted their businesses. The changes are rapid. Some jobs are made redundant with processes being made obsolete as human interventions are reduced and eliminated. There are increased vulnerabilities in the digital space.

What does it mean for IA? In general, the panel expressed that an effective internal audit team must have an understanding of technology and continuously train and upskill themselves.

Being competent in data analytics is important as data is changing the face of the world. Insights can be generated by processing and interpreting data that will allow IA to value add to their stakeholders. At the same time, technology is a plus to internal audit, making it possible for IA to work faster and achieve better and more extensive coverage. The panel expressed a common sentiment is that it is critical for IA to work closely with the 1st and 2nd lines of defense. With a collaborative approach, IA can be much more effective than working in isolation.

The challenge of disruptive technology is very real. IIA Singapore is organising the Public Sector Internal Audit Conference on 20-21 April 2017 with the theme “Rising to the Challenges of the Future”. The conference program will cover the topic of disruptive technologies and how IA can rise to the challenges. Do save the date to attend the conference and it will be a valuable opportunity to hear from our speakers and panellists.

Yours Sincerely
Tan Boon Yen
President

January 2017

Start of A Brand New Year

Happy New Year! I hope everyone has had a wonderful break and are fully re-charged for a brand new year. It is exciting times ahead for internal auditing as we take on new roles and continually adapt to the changing world and environment. 

Let us continue to develop and invest in ourselves through learning and development, professional certification and qualification, networking and relationship building at the different platforms. The Institute of Internal Auditors (IIA) Singapore looks forward to engaging members of the internal audit (IA) profession and encouraging them to actively participate in committees, education, advocacy and many other activities that helps advance the profession to greater heights. Volunteering and contributing in these platforms are not only enriching but provides valuable development opportunities on a personal level as well. 

IIA Singapore has launched a brand new "Learn at Lunch" series, commencing January 2017 (scheduled every 2nd Thursday/Friday of the month). We welcome all to participate and the series is specially planned to bring in experts/practitioners to share new and emerging trends/topics impacting the profession. 

Just to also note the new International Standards for the Professional Practice of Internal Auditing (Standards) that takes effect from January 1, 2017. The revised Standards include two new Standards, the alignment of the Standards to the Core Principles and some updates to existing Standards. The new Standards (1112 and 1130) addresses the reality that increasingly, CAEs are expected to take on risk management, compliance or other roles beyond internal auditing. Such roles may impair or appear to impair the orgniasational independence of the IA acticity or the individual objectivity of the internal auditor. It is important to maintain safeguards for such activities. 

It is also time to wish all good health, happiness and great fortune in the year of the Rooster! 

Yours Sincerely
Tan Boon Yen
President

December 2016

2017 and IA’s Transformation Journey
My best wishes and sincere thanks to our members, collaborating institutes and partners for their support as we conclude an eventful 2016 and shift our momentum into the new year.
 
Although the general economic outlook and business environment is not optimistic, it will not be all gloom and doom for businesses as there will be opportunities amidst challenges. Businesses have entered the age of disruption and need to review and adapt their business strategies to remain relevant. 
 
The Internal Audit (IA) profession is also undergoing a transformation journey. While the emerging risks landscape presents internal auditors with a more complex task, it also presents unprecedented opportunities. Internal auditors are uniquely positioned to play a role in contributing to the success of their organizations and IA’s insights can be an engine for innovation and business improvement. IA professionals need to acquire new skills, explore new opportunities and exercise creativity in ways that create value for their organization. IA functions must fully evaluate their staff's capabilities and take steps to fill the gaps between current skills and the skills required to respond to growth.
 
IIA Singapore will continue to promote internal audit excellence and provide platforms to nurture the development of IA professionals, drive thought leadership and promote sharing of knowledge. Incidentally, the institute will be launching a Mentorship programme with the Singapore Accountancy Commission in 2017 for aspiring Chief Audit Executives. The main objective of the mentorship programme is to connect aspiring CAEs with a more experienced Mentor whose knowledge, guidance and expertise will enable and support the Mentee in his/her journey to grow professionally. 
 
We look forward to an exciting year ahead working towards greater progress with the IA profession and creating the value in our organisations.
 
Wishing all a blessed Christmas and New Year ahead!
 
Yours Sincerely
Tan Boon Yen
President
 

November 2016

Managing Stakeholders’ Expectations
In today’s environment, organisations seek value from internal audit (IA) functions and expect more than an assurance report on internal controls. 
 
At the IIA Singapore’s Global IA Leadership Summit and the Asian Confederation of Institutes of Internal Auditors (ACIIA) Conference last week (16-18 November), there were many useful insights from speakers, panelists, IA practitioners and IA stakeholders who participated in the conference. Just to summarise 4 key takeaways relating to managing stakeholders’ expectations, with words that start with “C”:
 
“Collaborate” – Building collaborative relationships with stakeholders is important and relationship acumen is a key attribute for IA leaders. To quote Richard Chambers in his book “Lessons Learned on the Audit Trail” - “A confident and courageous CAE who spends time building relationships can negotiate a middle ground that meets the goals of both board and management in the long run”
 
“Communicate” - Communicate and provide insights and advice to stakeholders in areas that resonate with their concerns and build trust. Engage stakeholders continuously to bridge any gaps in expectations and priorities. Frequent face-to-face meetings and discussions are important. Not just written communication.
 
“Customers” – The IIA Research Foundation and Protiviti has published a Stakeholder Survey “Voice of the Customer” in July 2016. It contains recommendations from stakeholders on best practices that internal auditors should consider in their quest to continually improve performance and bring value to their organizations.
 
“Change” – IA must keep up with change. Feel the pulse of the organisation and its internal and external environment. Focus on high impact areas. Leverage on technology to devise new and efficient ways of auditing.
 
Other important “C”s are courage, conviction, continuous monitoring, culture, critical thinking, cyber security, connecting the dots, coordination, competencies and the list goes on….
 
Yours Sincerely
Tan Boon Yen
President

 

October 2016

Scaling New Heights In Governance
The Internal Audit Excellence Award was presented at the Securities Investors' Association (Singapore) (“SIAS”) Investors' Choice Awards dinner on 30 September 2016. IIA Singapore congratulates this year's award Keppel Corporation Limited and the Runners-Up, City Development Limited and Fraser & Neave, Limited.  
 
It is important to recognise the value that IA brings to the organisation and its stakeholders. IA provides objective assurance and insight on the effectiveness and efficiency of governance, risk management and internal control processes. IIA Singapore applauds SIAS in raising awareness of the investor community on the role of IA in protecting and enhancing long term shareholder value.
 
All organisations should work towards “Scaling New Heights in Governance”. This is the theme of the upcoming Asian Confederation of Institutes of Internal Auditors (“ACIIA”) Conference 2016 on 17 & 18 November 2016 at the Marina Bay Sands Expo & Convention Centre. IIA Singapore is proud to be the host country this year and look forward to welcoming our foreign delegates.  This year’s Global Internal Audit Leadership Summit (GIALS) will be held on 16 November 2016 and 200 IA leaders from Singapore and around the region are expected to converge at the summit.
 
We are very honoured to have Ms. Angela Witzany, the 2016-17 IIA Global Chairman of the Board and Mr. Richard Chambers, IIA Global President and CEO at the conferences. We have a line-up of regional and global speakers and topics that are insightful and relevant to the current business and economic climate e.g. “Combating Money Laundering through Governance”, “Navigating Technology Risks”, “Cybersecurity Landscape and Asia”, “Data and Analytics” and “Proactive Fraud Analysis”. 
 
The 3-day event will end with our 40th year anniversary Gala Dinner on 18 November 2016. This year’s event will especially memorable and exciting and we look forward to seeing everyone to catch up and have a great time!
 
Yours Sincerely
Tan Boon Yen
President

September 2016

Investing in Yourself
One of IIA Singapore's vision is to develop the skills of internal auditors through education and professional development. Through the IIA Singapore Academy, we aim to raise the professional competency of IA professionals as well as the wider communities of risk management and finance professionals.  Guided by The IIA Global Internal Audit Competency Framework consisting of 10 core competencies, the IIA Academy identifies and designs seminars suited for each broad job level, namely internal audit staff, internal audit management, and the chief audit executive. In 2015, about 60 seminars were organized by our IIA Academy using the Competency Framework.
 
In the 2016 Global Internal Audit Common Body of Knowledge (CBOK) study, the world’s largest ongoing study of the internal audit profession with 14,518 respondents, “analytical/critical thinking” and “communication skills” were identified as the top two skills Chief Audit Executives survey respondents have expressed to be skills that they are recruiting or building the most in their internal audit department.  The IIA Academy will continue to include seminars to upskill the participants in the areas. The study also showed that about 4 out of 10 survey respondents received less than 40 hours of training per year, which is below the required level to maintain many IIA certifications. The Continuing Professional Education (CPE) requirement of 40 hours is the annual guideline for practising CIA-certified professionals. With the reporting deadline being 31 December each year, all are encouraged to plan for the continual update in various competencies.
 
I am happy announce that IIA Singapore has successfully secured the ISCA-CIA Challenge Exam which is a one-off accelerated pathway offered to qualified members of The Institute of Singapore Chartered Accountants (ISCA), to earn the certification upon passing one condensed exam.  The exam application period is from 1 September to 31 October 2016. 
 
It is important for all of us to continue to invest in ourselves to develop professionally and progress in our career. 
 
Yours Sincerely
Tan Boon Yen
President
 

Pages