As IIA Singapore enters its 38th year, looking back at the past years brings fond memories of IIAS’ achievements. The IIA is the international standard-setter for Internal Auditors and there are now more than 115,000 Certified Internal Auditors (CIA) around the world. The IIA's other certifications, CRMA, CCSA, CFSA and CGAP are also enjoying steady growth.
Looking ahead, the profession is inevitably heading for change and our perennial role of providing independent and objective assurance will remain, while the expectations of Internal Audit continue to increase with evolving regulations, stakeholder demands and technological progress.
After having been in the profession for many years, I would like to humbly share my thoughts for success in this profession:
First, expand your horizon and look beyond your space if you aspire to be successful. Understand business risks, reach out, invest time with business units, and partner with them to bring success.
Second, technology will drive efficiency and shape the future of how audits are planned and executed. The next few years will see increasing use of data analytics. Keeping abreast with technology will ensure you stay relevant with changing times.
Third, Combined Assurance will be embraced by organisations of the future, drawing assurance from various providers. Assurance providers such as IA, compliance and risk management will rely on each other and cease to work in silos in order to provide assurance and protect the interests of the organisation. IA is in the best position to champion and coordinate this effort.
I wish you all a rewarding and colourful new year of success in the profession.
"Life isn't about finding yourself. Life is about creating yourself." – George Bernard Shaw
It is not uncommon to hear “small talks” in your organisation commenting “who audits the internal auditor”. Those who are in the internal audit profession will probably know that we are subject to audit or, “body examination” by everyone, top down and bottom up!
As the IA definition says,
"Internal audit is an independent, objective assurance and consulting activity designed to add value to improve the organisation’s operations."
This carries with it a heavy burden because organisations have great expectations from internal auditors to provide value to the organisation objectively as an independent body.
When auditing an organisation’s process, a process owner may query internal auditors on the rationale for the recommendations arising from the observations; or during audit fieldwork, they may share with IA that certain processes are not efficient due to the controls. Likewise, the users of the process may also at times query the internal auditors on lack of flexibility when non-compliances are highlighted. In addition, the external auditors too may seek further clarifications, evidence and views from the audit reports in their external audit. Here, internal auditors are tested on their ability to assess and explain objectively their concerns/feedback.
What about the top echelon? When does senior management query IA? At times, IA is asked to provide explanations when the reports are given amber or red rating on the observations noted. More pressure will be put on IA when the audit reports are graded as unsatisfactory. Not to forget, the AC/boards together with senior management would too review whether internal audit activity collectively possesses the necessary knowledge, skills, resources and other competencies to conduct the engagements and execute the annual audit plan, appropriately. Thus IA has to be prepared and be ready to lead them in the discussions with confidence.
More importantly, in 2002, the International Professional Practices Framework Standard (IPPF) requires the internal audit activity to conduct external Quality Assessment Review (QAR) at least once every five years by a qualified, independent assessor. This further subjects IA to a structured audit by an external party. The results of the review and its recommendations, comprising of the extent of IA’s conformance to the Definition of Internal Auditing, the Code of Ethics, and the Standards will be reported to AC/Board and Management.
In summary, IA is subject to audit or “close examination” regularly more often than the other non-audit functions. We are audited for professionalism, competencies, financial acumen, business knowledge, audit methodologies, etc. by the various stakeholders such as process owners, staff, management, external auditor, Audit Committee etc.
To stay relevant and effective, internal auditors need to continuously raise the bar to meet stakeholders’ expectations and add value to the organisation. In fact the rigorous scrutinies by various parties have heightened internal auditors’ desire to excel in their profession.
2020 is used as a milestone by countries and organisations to set a vision and measure progress. The Singapore accountancy sector aims to transform into the leading global hub for Asia-Pacific by 2020; and where we are concerned - to develop into a Centre of Excellence in Internal Audit, a platform for leading professional development and certification that will attract professionals from the region. As the profession’s standard-setter and chief advocate, IIA Singapore is working closely with the Singapore Accountancy Commission (SAC) to achieve this vision. 2020 may seem far away, but in reality there are only six years to go. We welcome members’ inputs on how we can further raise the bar for the profession.
Leading to 2020, how will the expectations of our stakeholders evolve? During one of our recent events, a member wryly reminisced to me that at the start of her IA career in the 1980s, the function required traditional financial and operational assurance skills. Almost two decades later, her role has inevitably blossomed to include a rainbow of skill sets which include strong business acumen, relationship management and change management. Acknowledging this, I could not help but imagine the possibilities which could surface in the next six years. Will more and more countries, including Singapore, make IA a necessary function? Will IA’s voice and “seat at the table” be secured, maintained and strengthened? What will make up the DNA of a “high-performing” IA team in year 2020?
2020 will naturally be the year we gauge where IA stands in the Asia-Pacific region as Singapore moves steadily towards its quest to be a global accountancy hub and a Centre of Excellence in Internal Audit. Some risks which could derail the profession's resolute march towards this vision - for example: not meeting stakeholder expectations, lagging behind other assurance functions, and failure to focus on high-risk areas which can lead to corporate failure and the oft-repeated question, “Where were the Internal Auditors?” It is important that we manage these risks well, so that when 2020 comes round, the internal audit profession as a whole can acknowledge with confidence that they are well-positioned to serve their stakeholders.
I wish you all a Blessed Lunar New Year,
The highlights of Budget 2014 reflect the government’s continued focus on increasing productivity through upgrading of skills, automation and innovation across businesses. Economic restructuring and business transformation are important in order to maintain Singapore’s competitiveness. While businesses undergo a journey of transformation with the government 's financial packages, the importance of having effective controls over the use of funds to invest in technology and CAPEX is one vital aspect of governance that senior management should pay attention to.
In this respect, Internal Audit has a crucial role to play. IA provides independent assurance to senior management that the CAPEX planning process in the organisation is operating effecti vely. IA can help to review that the projects identif ied and prioritised are aligned with business strategy. IA can also add value by providing independent advice on whether the business has maximised all available tax deductions and subsidies by the government. While being involved, Internal Audit must retain a bird’s eye view and maintain their independence at all times.
To be effective and value-adding in this dynamic and evolving business landscape, Internal Auditors together with other assurance professionals in the organisation must equip themselves with the right capabilities, skills and expertise to be a valuable resource to senior management and the Board . In turn, senior management and the Board must also ensure that these internal assurance providers are adequately staffed, resourced and developed professionally so that they can effectively support business growth.
An effective internal audit is the cornerstone of good governance. From what I understand, Internal Auditors who make things happen are characterised by a trilogy of sights: Oversight, Insight and Foresight. When these oversight, insight and foresight elements are inherent in internal auditing, IA effectiveness would become visibly versatile. Its effectiveness comprises two parts, namely, internal auditor effectivenessand internal audit function effectiveness.
On oversight, it assures that the implemented policies and overall performance are met as planned and within the governance framework. Through insight, it provides independent assessment on the effectiveness, efficiency and economy of the processes. And lastly, foresightrequires identifying trends, threats and emerging challenges etc so as to pre-empt serious harm from affecting the organisation.
As an effective internal auditor, he/she must demonstrate competency, independence and objectivity without compromising integrity and confidentiality. More importantly, Internal Auditors must continuously upgrade and keep abreast with new and changing developments in the market to enable effective auditing.
For the internal audit function to be effective in executing activities, it has to be sufficiently resourced with tools and competent staff to evaluate significant risks, appropriately positioned with sufficient organisational authority, and have a close link with management and the board to understand their business concerns and issues in order to be effective. It has to develop skills and capabilities such as risk management, forensic fraud, IT etc to respond to crises.
Effective Internal Auditors who have Oversight, Insight and Foresight, as well as Internal Audit functions which are run effectively, will be ready to contribute fruitfully to the organisation and assist management and the board to discharge their responsibilities well.
I am sure that most organisations, big or small, would have Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) which are aligned to their mission and goals.
As Internal Auditors, it is imperative to have a deep understanding of business operations, KPIs and KRIs of the company you work for in order to help the board and management achieve the mission. IA will be treasured for their contribution when the work they do helps their organisation grow profitably toward their business goals, and guards the organisation from internal and external threats.
The job of a CAE entails them to work with management and process owners to identify areas in the audit universe that matter to them most, i.e. areas that enhance their performance (KPIs) and ease the threats (KRIs). They would then prioritise it amongst other processes and incorporate in the annual audit workplan.
The key findings and recommendations of these audits would be key to driving performance and reducing threats. We all know that contributions by IA are difficult to measure especially if they are intangible and take time to germinate but we can at least use the KPIs and KRIs as proxies in our self-performance evaluation.
When management sees that IA contributes to the KPIs and ease the KRIs, this would position IA as essential to a company’s value creation and success.