President's message

Message 2

Dear Members,

It is that time of the year again where public-listed companies who won the IA Excellence Award will be feted at the 14th Investors’ Choice Awards tonight, as part of the Singapore Corporate Governance Week. The Internal Audit Excellence Award, better known as the IAEA, is awarded yearly by IIAS, SIAS and SMU to Singapore public-listed companies that have put in place an effective Internal Audit function to enhance corporate governance, risk management and internal controls. I am pleased to say that we experienced a record-breaking number of award submissions this year by public-listed companies, and I am confident that IAEA’s journey to becoming a household name is well on its way.

Besides the IAEA, yearly conferences have always featured as a key aspect of our advocacy initiatives. As part of our recent September conference, we were very proud to have the IIA Global Chairman, Paul Sobel visit Singapore. During his visit, he met with key stakeholders in the profession and we were honoured to receive the Chairman's feedback subsequently that, “IIA Singapore is an active and engaged Institute with a strong board and many productive ideas. Their initiatives with organizations such as the SIAS, SAC, and AGO, will improve the practice of internal auditing in Asia while elevating the Institute to new heights in 2013 and beyond.”

We recently unveiled the theme for our next Public Sector Internal Audit Conference (PSIA 2014), “Taking the Lead in Effective Governance”. Taking place at the Marina Mandarin on April 8-9, I strongly urge all IA, governance and risk management professionals involved with the public sector to attend and learn from thought leaders from all over the world. We will be revealing more details on the programme in the coming month.

This week, I travelled to Taipei to represent IIA Singapore at the 2013 ACIIA conference where more than 1000 delegates gathered from around the region. IIA Singapore is one of 18 IIA affiliates in the Asian Confederation of Institute of Internal Auditors (ACIIA). I am also pleased to announce that it will be Singapore's turn to host the ACIIA conference in year 2015 and we look forward to having members volunteer their support at this regional event.

Yours Sincerely,
Eric Lim

Message 1

Dear Member,

As 2013 comes to a close, we have witnessed a number of significant milestone activities by IIA Singapore that have contributed to raising the profile and visibility of the internal audit profession.

Through our three main activity drivers: advocacy, professional development and corporate/administrative support activities, we have seen our stakeholders, regulatory bodies, members and the public become more aware of and feel the value-adding pulse of the IA profession.

The members’ aspiration of making the IA profession credible and amongst the top sought-after professions has inspired our IIA Governors & Secretariat team to work for better educational programs during the year. Our objective has been to sharpen members’ professional skills and competencies to gain confidence and trust of Boards, C-suites and stakeholders of the IA’s unique role and independent position in the organisation in adding value and protecting organizational interest.

Keeping ourselves professionally relevant is the key in bringing collective success to our organization. Constantly upgrading ourselves in tandem with the evolving business landscape, changing regulations, stakeholders’ demand for better governance, IT revolution, and cultural complexity in the workforce are daunting but are a must to survive in this age.

For these reasons, IIA Academy drummed up an unprecedented number of professional development activities for members to enable them to review corporate processes effectively relating to the risks and opportunities confronting their organisations’ businesses in these complex regional and global economies. A well-equipped unit thus reflects its capability and capacity to handle the larger risk-based annual workplan and the “Black Swans” that will harm ill-prepared organisations. The coming educational professional activities are available in the IIAS Academy Website.

Our advocacy activities for the year have also been stepped up on a high note on several fronts. IIAS established ties with Singapore academia to raise awareness among students of the IA profession and the important role it plays in the organisation. We worked with SMU to introduce the inaugural Internal Audit elective, where attendance by third and fourth year students was overwhelming. The unique feature of this program is that the eight modules were delivered by our governors/members who were senior practitioners in the industry! The program successfully ended recently and was well-received by the students. We sponsored a scholarship and prizes for a case competition on internal audit which were won by 3 deserving teams. SMU will be running the IA elective again in January 2014. We welcome IIAS members to register their interest to participate as guest lecturers in this elective that helps to promote the profession among students.

Last month, we also hosted a forum at UNISIM where two IIA members who were senior practitioners in the industry shared their passion for IA with the students and advised them about how to begin a career in IA. Read more about it here. We will continue maintaining a presence at universities as part of our long-term vision of growing internal auditors from the ground up.

We have good news for you regarding improvements in our secretariat services. Members who are certified with the CIA, CCSA, CFSA, CGAP and CRMA have to fulfil annual CPE reporting with IIA Singapore all these years. Starting from Dec 2013, IIAS worked with IIA Global to allow direct filing of CPE hours electronically through IIA Global’s Certification Candidate Management System (CCMS). With this development, members have another option to do their CPE filing. This initiative is part of our efforts to increase the convenience to our members for CPE reporting. I want to also take this opportunity to remind IIA Singapore's members that with this option, members have up until 31 Dec 2013 to file their CPE.

Last but not least, a hallmark event that took place is the inaugural Public Sector Internal Audit Conference. We were very enlightened by the high turnout by the auditors from the public sector last April, and we look forward to another successful PSIA conference on 8-9 April 2014! Save your dates!

I hope you are as excited and proud of the IIA Singapore Chapter as much as I am and I look forward to serving you with results. I take this opportunity to wish you and your families a Merry Christmas and Blessed New Year in advance.

Yours Sincerely,
Eric Lim

Looking Back, Looking Ahead, Looking Beyond

As IIA Singapore enters its 38th year, looking back at the past years brings fond memories of IIAS’ achievements. The IIA is the international standard-setter for Internal Auditors and there are now more than 115,000 Certified Internal Auditors (CIA) around the world. The IIA's other certifications, CRMA, CCSA, CFSA and CGAP are also enjoying steady growth.

Looking ahead, the profession is inevitably heading for change and our perennial role of providing independent and objective assurance will remain, while the expectations of Internal Audit continue to increase with evolving regulations, stakeholder demands and technological progress.

After having been in the profession for many years, I would like to humbly share my thoughts for success in this profession:

First, expand your horizon and look beyond your space if you aspire to be successful. Understand business risks, reach out, invest time with business units, and partner with them to bring success.

Second, technology will drive efficiency and shape the future of how audits are planned and executed. The next few years will see increasing use of data analytics. Keeping abreast with technology will ensure you stay relevant with changing times.

Third, Combined Assurance will be embraced by organisations of the future, drawing assurance from various providers. Assurance providers such as IA, compliance and risk management will rely on each other and cease to work in silos in order to provide assurance and protect the interests of the organisation. IA is in the best position to champion and coordinate this effort.

I wish you all a rewarding and colourful new year of success in the profession.

"Life isn't about finding yourself. Life is about creating yourself." – George Bernard Shaw

Yours Sincerely,
Eric Lim

Are Internal Auditors Being Audited Always?

It is not uncommon to hear “small talks” in your organisation commenting “who audits the internal auditor”. Those who are in the internal audit profession will probably know that we are subject to audit or, “body examination” by everyone, top down and bottom up!  

As the IA definition says,
"Internal audit is an independent, objective assurance and consulting activity designed to add value to improve the organisation’s operations."
This carries with it a heavy burden because organisations have great expectations from internal auditors to provide value to the organisation objectively as an independent body.

When auditing an organisation’s process, a process owner may query internal auditors on the rationale for the recommendations arising from the observations; or during audit fieldwork, they may share with IA that certain processes are not efficient due to the controls. Likewise, the users of the process may also at times query the internal auditors on lack of flexibility when non-compliances are highlighted. In addition, the external auditors too may seek further clarifications, evidence and views from the audit reports in their external audit. Here, internal auditors are tested on their ability to assess and explain objectively their concerns/feedback.

What about the top echelon?  When does senior management query IA?  At times, IA is asked to provide explanations when the reports are given amber or red rating on the observations noted.  More pressure will be put on IA when the audit reports are graded as unsatisfactory. Not to forget, the AC/boards together with senior management would too review whether internal audit activity collectively possesses the necessary knowledge, skills, resources and other competencies to conduct the engagements and execute the annual audit plan, appropriately. Thus IA has to be prepared and be ready to lead them in the discussions with confidence. 

More importantly, in 2002, the International Professional Practices Framework Standard (IPPF) requires the internal audit activity to conduct external Quality Assessment Review (QAR) at least once every five years by a qualified, independent assessor. This further subjects IA to a structured audit by an external party. The results of the review and its recommendations, comprising of the extent of IA’s conformance to the Definition of Internal Auditing, the Code of Ethics, and the Standards will be reported to AC/Board and Management.   

In summary, IA is subject to audit or “close examination” regularly more often than the other non-audit functions. We are audited for professionalism, competencies, financial acumen, business knowledge, audit methodologies, etc. by the various stakeholders such as process owners, staff, management, external auditor, Audit Committee etc.

To stay relevant and effective, internal auditors need to continuously raise the bar to meet stakeholders’ expectations and add value to the organisation. In fact the rigorous scrutinies by various parties have heightened internal auditors’ desire to excel in their profession.

2020: The Future Belongs To Us

2020 is used as a milestone by countries and organisations to set a vision and measure progress. The Singapore accountancy sector aims to transform into the leading global hub for Asia-Pacific by 2020; and where we are concerned - to develop into a Centre of Excellence in Internal Audit, a platform for leading professional development and certification that will attract professionals from the region. As the profession’s standard-setter and chief advocate, IIA Singapore is working closely with the Singapore Accountancy Commission (SAC) to achieve this vision. 2020 may seem far away, but in reality there are only six years to go. We welcome members’ inputs on how we can further raise the bar for the profession.

Leading to 2020, how will the expectations of our stakeholders evolve? During one of our recent events, a member wryly reminisced to me that at the start of her IA career in the 1980s, the function required traditional financial and operational assurance skills. Almost two decades later, her role has inevitably blossomed to include a rainbow of skill sets which include strong business acumen, relationship management and change management. Acknowledging this, I could not help but imagine the possibilities which could surface in the next six years. Will more and more countries, including Singapore, make IA a necessary function? Will IA’s voice and “seat at the table” be secured, maintained and strengthened? What will make up the DNA of a “high-performing” IA team in year 2020?

2020 will naturally be the year we gauge where IA stands in the Asia-Pacific region as Singapore moves steadily towards its quest to be a global accountancy hub and a Centre of Excellence in Internal Audit. Some risks which could derail the profession's resolute march towards this vision - for example: not meeting stakeholder expectations, lagging behind other assurance functions, and failure to focus on high-risk areas which can lead to corporate failure and the oft-repeated question, “Where were the Internal Auditors?” It is important that we manage these risks well, so that when 2020 comes round, the internal audit profession as a whole can acknowledge with confidence that they are well-positioned to serve their stakeholders.

I wish you all a Blessed Lunar New Year,

Eric Lim

Budget 2014 - How Does Internal Audit Add Value?

The highlights of Budget 2014 reflect the government’s continued focus on increasing productivity through upgrading of skills, automation and innovation across businesses. Economic restructuring and business transformation are important in order to maintain Singapore’s competitiveness. While businesses undergo a journey of transformation with the government 's financial packages, the importance of having effective controls over the use of funds to invest in technology and CAPEX is one vital aspect of governance that senior management should pay attention to.

In this respect, Internal Audit has a crucial role to play. IA provides independent assurance to senior management that the CAPEX planning process in the organisation is operating effecti vely. IA can help to review that the projects identif ied and prioritised are aligned with business strategy. IA can also add value by providing independent advice on whether the business has maximised all available tax deductions and subsidies by the government. While being involved, Internal Audit must retain a bird’s eye view and maintain their independence at all times. 

To be effective and value-adding in this dynamic and evolving business landscape, Internal Auditors together with other assurance professionals in the organisation must equip themselves with the right capabilities, skills and expertise to be a valuable resource to senior management and the Board . In turn, senior management and the Board must also ensure that these internal assurance providers are adequately staffed, resourced and developed professionally so that they can effectively support business growth. 

Eric Lim

Oversight, Insight, Foresight

An effective internal audit is the cornerstone of good governance. From what I understand, Internal Auditors who make things happen are characterised by a trilogy of sights: Oversight, Insight and Foresight. When these oversight, insight and foresight elements are inherent in internal auditing, IA effectiveness would become visibly versatile. Its effectiveness comprises two parts, namely, internal auditor effectivenessand internal audit function effectiveness.

On oversight, it assures that the implemented policies and overall performance are met as planned and within the governance framework. Through insight, it provides independent assessment on the effectiveness, efficiency and economy of the processes. And lastly, foresightrequires identifying trends, threats and emerging challenges etc so as to pre-empt serious harm from affecting the organisation.

As an effective internal auditor, he/she must demonstrate competency, independence and objectivity without compromising integrity and confidentiality. More importantly, Internal Auditors must continuously upgrade and keep abreast with new and changing developments in the market to enable effective auditing.

For the internal audit function to be effective in executing activities, it has to be sufficiently resourced with tools and competent staff to evaluate significant risks, appropriately positioned with sufficient organisational authority, and have a close link with management and the board to understand their business concerns and issues in order to be effective. It has to develop skills and capabilities such as risk management, forensic fraud, IT etc to respond to crises.

Effective Internal Auditors who have Oversight, Insight and Foresight, as well as Internal Audit functions which are run effectively, will be ready to contribute fruitfully to the organisation and assist management and the board to discharge their responsibilities well.

Yours Sincerely
Eric Lim

Proxies for Gauging IA's Contributions

I am sure that most organisations, big or small, would have Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) which are aligned to their mission and goals.

As Internal Auditors, it is imperative to have a deep understanding of business operations, KPIs and KRIs of the company you work for in order to help the board and management achieve the mission. IA will be treasured for their contribution when the work they do helps their organisation grow profitably toward their business goals, and guards the organisation from internal and external threats.

The job of a CAE entails them to work with management and process owners to identify areas in the audit universe that matter to them most, i.e. areas that enhance their performance (KPIs) and ease the threats (KRIs). They would then prioritise it amongst other processes and incorporate in the annual audit workplan.

The key findings and recommendations of these audits would be key to driving performance and reducing threats. We all know that contributions by IA are difficult to measure especially if they are intangible and take time to germinate but we can at least use the KPIs and KRIs as proxies in our self-performance evaluation.

When management sees that IA contributes to the KPIs and ease the KRIs, this would position IA as essential to a company’s value creation and success.

Yours Sincerely
Eric Lim