on best behaviour - caspianmedia.caspianmedia.com/document/3fc375f20c823dc293... · bhbi’s triple...

The magazine of the Chartered Institute of Internal Auditors

Issue 13 September/October 2013

Scott Strachan, global head of IA at Aberdeen Asset Management, explains how his firm carried out its first cultural audit

On best behaviour

Restoration project: HIAs discuss the IIA’s financial services guidance

Pick yourself up and dust yourself down: kick-start your career after redundancy

Flying visits: flexible resourcing at the Civil Aviation Authority

Upload: phamhuong

Post on 06-Sep-2018



If you hold the CMIIA Award or the PIIA Award already, take the fast track route to enhanced CPD and further qualifications and achieve:

• The CMI Diploma in Strategic Management & Leadership

• Chartered Manager status

If you’re just starting out in your career in auditing you can study for your professional qualifications with BHBi and have the Triple Qualification built into your training!

This will help you become more marketable, enhance your career prospects and gain access to professional networks whilst also demonstrating a high level of strategic competence and audit and managerial professionalism.

For a confidential discussion on how BHBi can help you achieve more from your professional auditing qualification contact:

Mark [email protected]

Paul [email protected]

Are you a professional internal auditor holding either the IIA Diploma (PIIA) or IIA Advanced Diploma (CMIIA)?

Are you just starting out in your career in audit?

PREMIER PRACTICE

If so, contact BHBi to find out how the BHBi Triple Qualification could help you increase your professional standing and become more marketable.

BHBi’s Triple Qualification comprises of:

• CMIIA/PIIA Award

• Chartered Management Institute (CMI) Level 7 Diploma in Strategic Management & Leadership

• Chartered Manager (CMgr) status

BHBi has been quality assured and assessed by the CMI to offer the fast track route to enhanced, continued professional development. Offering a wide range of practical professional resources, CMI membership will not only enhance your employability, but help take your professional practice to the next level and beyond.

www.bhbi.co.uk/triple-qualification

Chartered Manager is the highest status that can be achieved in the managerial profession. Awarded only by CMI, it is recognised throughout the public and private sectors, across all management disciplines.


Contents

Front

The IIA view: From the chief executive, Ian Peters.

World view: From Richard Chambers, IIA Global president and CEO.

View from the top: From Ian Whybrow, head of internal audit at Vanquis Bank.

Update: The latest news affecting the profession.

Conference preview: What to look forward to at the IIA’s annual conference.

Reportage: Accenture urges companies to rethink strategies on innovation.

Features

The new guidance: Senior internal auditors discuss the IIA’s new financial services guidance.

Cultural asset: Scott Strachan, global audit chief at Aberdeen Asset Management, on culture and strategy.

Culture clash: Why and how internal auditors are moving into cultural assessments.

Team effort: How staff from across the aviation regulator CAA get on board its audit team.

Time out: Is redundancy the end or the beginning of a career?

Regulars

Career development: What you can gain from volunteering with a charity in a developing country.

You asked us: Experts answer readers’ technical questions.

IIA update: Institute news and membership matters.

Courses and events: Key training dates.

Student noticeboard: Essential information for exam candidates.


We post more news and articles online every week. To access these, visit www.auditandrisk.org.uk

Published for the Chartered Institute of Internal Auditors by Caspian Media Ltd, Unit G4, Harbour Yard, Chelsea Harbour, London SW10 0XD

020 7045 7500

Editors

Keith Ryan [email protected] 020 7045 7543

Ruth Prickett [email protected] 020 7045 7572

Chartered Institute of Internal Auditors

[email protected] 020 7498 0101

Subscriptions

[email protected] 020 7498 0101

Advertising

Ian Mehrer [email protected] 020 7045 7596

Creative director

Nick Dixon

Opinions expressed by contributors are their own. Reproduction in whole or in part without written permission is strictly prohibited.

ISSN 2048-8408.


TeamMate AM is the solution of choice for 90,000 auditors in more than 2,200 organisations world-wide. AM addresses key audit management functions such as risk assessment, scheduling, documentation, issue tracking and time reporting, enabling you to standardise and streamline your entire audit process.

Increase Efficiency & Boost Productivity of your Audit Process

A Breakthrough in Compliance Management

TeamMate CM is focused on the management and testing of SOX, Basel III, Solvency II, IT Governance or any other set of internal controls. CM allows you to view and interact with controls through an innovative user-defined structure based on multiple Dimensions and Perspectives of data that leads to greater efficiency and deeper insight.

The integration of TeamMate AM and TeamMate CM promotes leveraging and sharing of data and workflows across the Internal Audit and Compliance disciplines.

The Perfect Pairing

Learn more at TeamMateSolutions.com


View from the IIA

Conference 2014: time to connect

“The growth of the internal audit profession depends on the discourse, development of common understanding and sharing of best practice through international connections and contacts.”

Ian Peters, chief executive of the IIA.

The IIA’s International Conference arrives in London in July 2014. To help promote it, the IIA’s conference organisers gave delegates a small token of London to whet their appetites for next year. London has many such symbols, but we settled on the iconic red telephone box – and if the hundreds slipped into conference bags indicate intentions to attend next summer, we can expect huge demand for places.

The image of the red phone box may have retro appeal, but as a symbol of communication it is wholly relevant for a conference that has the theme “Time to make the connection”. Organisations in all sectors are evolving rapidly with ever more global perspectives, so the internal audit profession must also evolve. This growth depends on the discourse, development of common understanding and sharing of best practice, which comes through international connections and contacts between internal auditors. There is no better collection of forums for this than those facilitated by the International Conference’s general sessions and break-out tracks, for large debates, smaller group discussion and one-to-one conversations about internal audit’s role, opportunities and challenges.

Next summer may seem a long way off, but planning has begun and we are preparing to welcome over 2,000 internal auditors from more than 100 countries to one of the city’s largest venues, the ExCeL London. During the four-day conference delegates will also hear from speakers from around the world, including practitioners, educators and many other subject experts and commentators on business and world affairs.

The international conference committee has its work cut out trying to surpass the speakers at this year’s event, which took place in Florida in July. There, Madeleine Albright, the former US Secretary of State, spoke candidly about her distinguished career in government, business and academia. World-renowned business guru Tom Peters, co-author of the best-selling business book In Search of Excellence, gave his passionate views on business excellence in a disruptive age. And many other speakers on the main platform and in the concurrent sessions shared their expertise and views on the full range of issues of importance and interest to internal auditors across all sectors, from fraud and governance to technology.

But it’s not just the excellence of the speakers and the interest of their subject matter that attracts internal auditors in their hundreds to the International Conference each year. This annual gathering is the ultimate opportunity for networking and exchanging ideas, as well as business cards.

Making those connections with peers is becoming more valuable than ever for all of us. I hope you can be part of those forums and debates in London next year as a conference delegate – or perhaps as a volunteer. We are looking for “conference makers”, who can help us to make the conference run smoothly and effectively. The ExCeL London was a venue for many events in last year’s Olympic and Paralympic Games, and the role of the army of volunteer games makers was a key feature in their success. With your support, our aim is to replicate that achievement and ensure that London 2014 ranks high among the best International Conferences.

However you would like to get involved, you can contact our training and events team and follow our updates as we count down to the conference on social media, our website and through Audit & Risk magazine. See our website for more information on the conference at www.ic.globaliia.org.

HAVE YOUR SAY: Post your comments about this article or any of the issues raised at www.auditandrisk.org.uk


WE KNOW AUDIT

TRUSTED INTERNAL AUDIT SOFTWARE

risk assessment >> scheduling >> workpapers >> reporting >> issue tracking

As an internal audit management software pioneer, Thomson Reuters Accelus™ delivers an end-to-end audit management solution with the best-in-industry implementation. Trust your investment in our proven software and reliable implementation, training and support. Developed by internal auditors for internal auditors, Thomson Reuters Accelus internal audit software improves audit efficiency and productivity throughout the entire audit process including risk assessment, scheduling, workpapers, reporting and issue tracking, helping thousands of corporate and government clients.

For more information: accelus.com/audit

© REUTERS/STEPHEN HIRD

© Thomson Reuters. GRC00230


View from IIA Global

Congratulations on a job well done

“My ears pricked up at the IIA’s recent International Conference in Orlando when Tom Peters declared in his keynote address that internal auditing ‘has got to be the coolest profession in the world’.”

Richard Chambers, president and CEO of IIA Global.

I have long been of the opinion that internal auditing is one of the most interesting jobs around. However, I suspect that’s not a widely held belief outside the profession. So you can bet my ears pricked up at the IIA’s recent International Conference in Orlando, Florida, when management guru Tom Peters, author of the best-seller In Search of Excellence, declared in his keynote address that internal auditing “has got to be the coolest profession in the world.”

Hyperbole aside, Peters proclaimed what many of us in the profession have been saying for some time: there’s virtually nothing we can’t dive into, nothing we don’t touch or shouldn’t be able to touch, to help our organisations. What we do adds value and protects our organisations from fatal fraud and business risks. It’s a job that’s important, intellectually stimulating, diverse and interesting. Considering these same words are often used to describe great novels and screenplays, I’d say Peters is right. Internal auditing is (or can be) the coolest profession in the world.

IIA Global is constantly raising the bar to elevate the professionalism of its members and elevate the IIA as an organisation and the practice of internal auditing. These goals manifest themselves in the prolific production of guidance, services, education and resources. The new Certification in Risk Management Assurance (CRMA) is a good example. We also use cutting-edge communications techniques — including social media, webinars, online videos, and digital downloads — to keep our members around the world informed and engaged.

It’s evident that you are working just as hard to advance the profession, expand your skill sets, increase your value and align your audit plans with board priorities to include a more diverse and strategic focus on the emerging areas of governance, risk management, compliance and technology. In fact, less than 25 per cent of internal auditors’ time is now spent auditing financial controls, according to the IIA’s 2013 Global Pulse of the Profession survey. That speaks volumes.

As we evolve beyond our roots in financial controls, we are recruiting more diverse and dynamic talent. Chief audit executives are no longer looking only for graduates with accounting degrees. In fact, the same survey found that only about a quarter of new entrants to the internal audit profession come from an accounting background. Instead, today’s internal audit job postings are apt to require non-traditional skills.

The study found that the top five attributes sought by chief audit executives are:

1. Critical thinking.

2. Communications.

3. Risk-management assurance.

4. IT.

5. Data mining/analytics.

Accounting ranked sixth.

This trend may be common knowledge in the profession, but when I hear someone with the global reach and influence of Tom Peters acknowledge it — unprompted — I get excited. The fact that he even knows and understands the full range of what we do is testament to the global advocacy work we have been doing as a profession; raising awareness, through our personal interactions as well as media and government outreach about just how crucial and interesting internal auditing is.

I often use this space to challenge or exhort you to greater things. But today I want to take this opportunity to congratulate you on a job well done, to thank those of you who were able to make it to the 2013 International Conference, and to tell you how much I am looking forward to being with you at next year’s spectacular conference in London.

“Only a quarter of new entrants to the internal audit profession come from an accounting background. Today’s IA job postings are apt to require non-traditional skills”

For further information: Richard Chambers writes a blog at www.theiia.org/blogs/chambers and tweets at www.twitter.com/rfchambers.


Comprehensive Audit & Risk Management Software

• Modern screen design that operates globally over a range of network speeds without the restrictions of a browser interface

• Flexible audit planning by entity structure & process

• Home screen identification of items for your action and review

• In-built audit methodology and audit report templates

• Simple deployment and automatic software updates

• Audit work can be focussed on risks identified from integrated risk registers

Pentana Vision

Global audit management software

www.pentana.com/vision

Enquiries: [email protected]

Call: +44 (0)1707 373335


View from the top

Self-promotion: tell them why IA matters

“Why are there misconceptions about internal audit? Is it so complex that only those in the profession can know what it involves, or are we to blame?”

Ian Whybrow, head of internal audit at Vanquis Bank.

Recently at a friend’s BBQ I was asked the most judging question known to internal auditors: “What do you do for a living?” This was followed by that nervy 30 seconds where you see either a look of fear on people’s faces or they tell you that they had to do a stock take last month. You then decide whether to smile inanely or correct their misconception.

Don’t get me wrong, I have always been proud of what I do for a living and could easily sell the virtues of internal audit. It is, however, amazing how many people respond with “I had a stock check last week” or “we keep a tight rein on expenses” when you mention auditor. No one has ever mentioned assurance, risk management, governance or controls.

Mark, a friend of mine, is a plumber. When he is asked what he does the next questions are always “Are you local?” followed by “Can I have your number?”. Everyone thinks they know what he does and, importantly, sees the value of his service. So why are there misconceptions about internal audit? Is it so complex that only those in the profession can know what it involves, or are we to blame?

This made me think about what we can learn from Mark. I came up with five lessons:

• Qualifications/accreditation – Mark is qualified, as am I, and ensures that this is advertised or displayed at every opportunity, from business cards to documents and on his van. I am not suggesting that internal auditors have the IIA brand embossed on their cars, but we should look at how we promote our qualifications. When you issue the audit plan there should be a section detailing the audit team. Let the board know what resources and skill sets they have available. When you send out a terms of reference (TOR), can you put in a few lines about the audit team performing the work? My intranet page has a section entitled “Your internal audit team”, which has pictures of the team with a small bio for each member plus a list of our professional qualifications. The team has recently undergone the IIA’s review to ensure conformity to standards and all reports will now clearly state “Conforms to the IIA’s professional standard”. Why would you not promote this achievement?

• Benefits of your service – Mark has an informative A4 flyer that promotes his services and describes the process for hiring him. All audit departments should have an audit charter, but how is this communicated to the business and who reads the entire document? Why not produce a flyer detailing your role and services, the benefits of internal audit, the audit cycle and an FAQ section? This can be sent with TORs, handed to new managers at inductions and displayed on your intranet page.

• Visibility/availability – Mark does not sit in his office, he is either working or networking. How many audit departments hide on the top floor until they perform an audit? To be seen as useful to the business we need to be seen in the business. Regular walks around offices and catch-ups with managers are ideal opportunities to find out what is happening.

• Check up on your customers and/or clients – when he finishes a job, Mark goes back to check how everything went. A post-audit visit by the HIA is useful to gain feedback on the audit team and the overall process and experience. You can send audit surveys, but the personal touch goes a long way.

• Clear two-way communications – Mark makes sure he understands what the client wants and is clear about his expectations from them (eg clear room, access to boiler etc). When you meet managers and draft a TOR, explain the process, introduce the audit team and describe what it will deliver, and detail what you need from them (availability of resources, turnaround time to review audit reports etc).

If we all do a little of this, maybe next time you are asked what you do, you will stand tall when your answer receives a knowing smile.

About the author: Ian Whybrow PIIA is head of internal audit at Vanquis Bank and has 23 years’ experience in financial services, 14 in internal audit. His team recently completed an EQA with the IIA.


“To be seen as useful in the business, we need to be seen in the business”


UPDATE

We round up the latest business and regulatory news to affect the internal audit profession.

Additional news, features and views are posted online all the time. Go to www.auditandrisk.org.uk to see what’s new.


Commission proposes audit market shake-up

The UK Competition Commission has put forward a package of measures to shake up the external audit market and ensure that companies do not automatically stay with the same firm out of habit or lack of choice.

The commission proposes that FTSE 350 companies should put their statutory audit engagement out to tender at least every five years, and that “big four-only” clauses in loan documentation should be prohibited.

Other proposals include a shareholders’ vote on whether audit committee reports contain sufficient information and a stipulation that only the audit committee is permitted to negotiate and agree audit fees and the scope of audit work and authorise the external audit firm to carry out non-audit services.

The commission has decided against requiring mandatory rotation, as well as introducing further constraints on providing non-audit services.

Reactions to the proposals so far have been mixed. ICAEW chief executive Michael Izza has questioned whether or not tendering would “help achieve” greater competition, while James Chalmers, UK head of assurance at PwC, has said that “the proposed halving of the retendering period… to five years is a significant change that will have a major impact on UK companies”.

To read the Competition Commission’s proposals, go to: http://bit.ly/12b0p70

Natural disaster losses for 2013 reach $85bn

Economic losses from natural disasters during the first six months of the year were $85bn – lower than the average $100bn from the preceding ten years. According to Impact Forecasting, the catastrophe model development centre at Aon Benfield, the five largest economic loss events in 2013 up until the end of June were the central European floods during May/June ($22bn); the China earthquake on 20 April ($14bn); the Brazil drought ($8.3bn); the US severe weather outbreak during May ($4.5bn); and the China drought ($4.2bn).

To read the Impact Forecasting 1H 2013 Global Natural Disaster Analysis report, go to: http://bit.ly/14dkGCt

RBS fined £5.6m over reporting blunders

Royal Bank of Scotland has been fined £5.6m by the Financial Conduct Authority (FCA) for failing to report properly on more than a third of its transactions on wholesale markets between November 2007 and February 2013.

In total, the bank failed properly to report 44.8 million trades, and failed altogether to report 804,000 transactions during the period, the FCA said.

Most of the errors involved using an incorrect reference code that made it impossible for the FCA systems to identify the counterparties to a transaction. Other inaccuracies included using the wrong timestamp, firm reference number or venue; incorrect prices; duplicate reporting; and incorrect identifier and description for “over the counter” derivatives.

RBS agreed to settle at an early stage of the investigation, and received a 30 per cent reduction of its fine.

For more information, go to: http://bit.ly/1bMf6r0

FRC revises standard on audit reports

The Financial Reporting Council (FRC) has made “significant” changes to the UK’s external auditing regime through a revised standard.

The corporate reporting watchdog has issued a revised auditing standard (ISA 700) to enhance transparency in the auditor’s report by increasing communication with investors.

External auditors reporting on companies that apply the UK Corporate Governance Code will be required to explain more about their work.

The FRC is also requiring boards to describe the work of the audit committee in annual reports and for the auditor to report if the board’s disclosures do not address matters it has communicated to the audit committee. Auditors will also have to inform the committee about significant audit judgments.

The changes will affect reporting periods on or after 1 October 2012.

The full survey report can be downloaded at http://bit.ly/13ClvZJ


Government reveals Gist of public spending

The government is opening to the public a database showing how Whitehall departments spend their money.

Cabinet Office minister Chloe Smith said the Government Interrogating Spending Tool (Gist) takes the UK further than any other country in opening up the business of government to public scrutiny.

“Greater transparency can help us to identify wasteful spending,” said Smith.

Gist is made up of two sets of data: Online System for Central Accounting (Oscar) and the Quarterly Data Summary.

Oscar is the financial reporting system used by the Treasury and brings together £710bn of accounting data.

Smith added that Gist was “not a substitute for correct and technical audit, but a whole new line of transparency”.

For more information, go to: http://bit.ly/18MrYlk


UK risks “losing fight” against internet crime

The UK must do more to stop online fraud and deter state-sponsored cyber-espionage or risk losing the fight against e-crime, MPs have warned.

The Home Affairs Select Committee said much low-level online financial crime was falling into a “black hole” and was not reported to the police.

The MPs said more officers should be trained in digital crime detection and e-crime experts protected from cuts. City of London Police warned that up to a quarter of the UK’s 800 specialist internet crime officers could be lost because of budget cuts. Publishing its E-crime report, the cross-party committee called for a dedicated cyber-espionage team to respond to attacks. Other recommendations include requiring banks to report all e-fraud, however small, to the police; obliging web firms to explain data security tools to new users; and for prosecutors to review sentencing guidance for e-crimes.

To read the report, go to: http://bit.ly/12ZxspC

“Brain drain” danger to public sector

Public sector workers are losing pride in their work and trust in their leaders as the government’s austerity programme bites, according to research by management consultancy Hay Group.

Almost three-quarters of front-line staff and senior managers (70 per cent) say their morale is at an all-time low and almost half of employees (47 per cent) do not believe their leaders deliver on promises. There are indications that many may leave as 43 per cent want to leave their current employer – the majority of those (78 per cent) within the next three years.

In what Hay Group describes as a “senior management black hole”, more than two-fifths of senior managers (43 per cent) are planning to leave the public sector altogether. Of those, 32 per cent want to leave in the next year.

Dissatisfaction among managers is greater than for public sector workers as a whole, with 84 per cent experiencing all-time low morale.

To read the full findings, go to: http://bit.ly/1auvioY

Directors see staff as bigger security threat than criminals

Company directors see their own employees as the greatest threat to corporate data and computer systems, according to 53 per cent of respondents to an international survey of senior executives by risk specialists IT Governance.

The Boardroom Cyber Watch 2013 report ranked staff as a bigger threat than criminals (27 per cent) and state-sponsored cyber-attackers (12 per cent).

The survey also found that many board directors appear to be inadequately informed about cyber-risks: 52 per cent receive cyber-risk reports annually, while only 5 per cent say that such reports are submitted daily.

To access Boardroom Cyber Watch 2013, go to: http://bit.ly/18PGj56


David Law, group risk and compliance director, Tunstall Healthcare Group, will be speaking on day one of the conference about risk management – the key challenges facing boards. My experience is that risk management is improved when the respective risk and internal audit functions talk to each other and discuss their work. We hear a lot about risk and internal audit wanting more high-level exposure and a place on the top committees, but they have to earn this. This is not always the case and where these functions are weak they can be rightly viewed as the dogs that failed to bark. They should grasp the opportunity.

I’m going to look at the difference between audit committees and risk committees and the importance of effective collaboration between them. Each has a unique perspective: the audit committee will take a quantitative view of a risk position; meanwhile, the risk committee will take a qualitative view that focuses on the quality of the business risk and the resources allocated to address it. Each needs to understand the role it plays in the overall governance framework.

I am fortunate in having directed both risk and internal audit functions, so I can understand and appreciate the synergies and would always look to build a strong bridge between the two. However, if this bridge is not built then the risk is that the two become rivals which is not healthy.

I shall also be talking about my experience working on the London 2012 Olympic project and why, despite this being a complex and time-challenged project, the outcome was so successful.

Armand Lumens, chief internal auditor at Royal Dutch Shell, will then share tips for delivering the successes of internal audit to the executive committee and board.

I’ve been at Shell for about 20 years and in internal audit for the past four. I have therefore put together what I think are the most important issues for internal audit to get right to deliver maximum insights to the executive committee and the board. The order of importance can differ, but I believe these are: top-notch resources; operational excellence; stakeholder management; independence; being in sync with the audit committee; and sharing themes, emerging risks and learning.

Their relative importance will vary in different organisations. Some will struggle to achieve independence, while it’s taken me several years to achieve being in sync with members of the audit committee.

I plan to share my progress towards these aims and the struggles I’ve encountered. The key message I want people to take away is that when it comes to stakeholder management you have to avoid “noise” and focus on facts, insight and value. You could do the perfect internal audit, but you have to ask whether this means you are managing risks better, creating value and focusing on the business.

For more information

The 2013 IIA conference takes place on 11-12 September at One Wimpole Street in London. This year’s conference features over 30 sessions led by experts from well-known organisations. In addition to the main talks, delegates can choose from a range of practical sessions, where they can get advice, find out about tried-and-tested approaches and make contacts. The free exhibition will also provide opportunities to find out more, while networking over tea and coffee. The conference costs £667+VAT (members) and £866+VAT (non-members).

To see the conference programme and book a place, visit www.iia.org.uk/conference, or contact [email protected]. If you would like to exhibit at, or sponsor, the conference, contact [email protected].

Conference preview

Two of the key speakers at the IIA’s 2013 conference, entitled “Expect More – Harnessing the Power”, give us an exclusive preview of their key points and themes.

Expect more: the detail


The Chartered Institute of Internal Auditors invites you to connect with more than 2,000 of your peers during the 2014 International Conference, 6-9 July, at the ExCel Exhibition and Conference Centre in London.

As an attendee, you will benefit from:

• Sharing and discussing ideas and concepts with recognised thought leaders, practitioners, educators, and speakers from 100+ countries.

• Participating in educational sessions on pressing topics such as sustainability, social responsibility, public sector issues, technology, ethics and fraud, financial services, and more.

• Networking with like-minded colleagues from public and private sector organisations worldwide, ranging in level from staff auditors to heads of internal audit.

• Engage with exhibitors that offer products and services to help you succeed.

Visit www.ic.globaliia.org for details, and book your place from 1 October to get the early bird discount.

TIME TO MAKE THE CONNECTION


REPORTAGE

Companies are increasingly looking to incremental innovation, rather than disruptive innovation for future growth. However, researchers at Accenture are warning that this “low-risk” policy will eventually cause them to fall behind and lose market share.

The report says that many companies are disappointed by the returns they are deriving from their investments, so they are scaling back expectations. Instead of the disruptive products, services, and business models that were anticipated several years ago, many initiatives have become more limited. Rather than offering “the next big thing”, innovations coming to market today are more typically line extensions, it said.

It urged companies to reconsider their approaches to innovation. Enterprises that can successfully innovate at a breakthrough level are far more likely to dominate and prosper in the new markets they create, it said. They can also position themselves to master change. Formal systems to manage innovation will enable companies to protect themselves from the risks that this approach will create.

70% of executives ranked innovation in their top five priorities

18% put it top of the list

% of companies that said the objective of innovation was to disrupt existing markets:

• In 2009: 30%

• In 2012: 26%

93% said they believed their company’s long-term success depended on its ability to innovate. But only 18% said their innovation strategy was delivering competitive advantage.

34% said their company has a well-defined innovation strategy.

46% have become more risk averse about new ideas.

45% said their company was pursuing smaller, safer opportunities rather than seeking the next breakthrough.


The full report is at: http://bit.ly/166RJMh

Who did they ask?

Accenture surveyed 519 executives at large US, UK and French organisations, with revenues greater than US$100m. They represented a wide spectrum of sectors, with the largest samples drawn from banking and capital markets, retail, electronics and high-tech, health providers and consumer goods and services.

Companies are investing in innovation

60% invest in cloud technology to boost innovation capabilities

50% invest in mobile technology to boost innovation capabilities

31% invest in social media to boost innovation capabilities.

5% reported an increase in funding to generate new products and services.

60% have a chief innovation officer.

87% are formally evaluated on innovation activities.

36% were very satisfied with their company’s idea generation and 31% were very satisfied with their product development. 27% were very satisfied with their business model for developing new processes and 25% were very satisfied with the way they grow their portfolio.


Gordon Craig, director, internal audit, 3i Group

I commend the committee for the way it has managed the consultation process and handled the feedback it received.

The guidance sets a clear and new benchmark that I suspect few teams have fully achieved, but towards which, I hope, many aspire. Internal audit teams will need high levels of skill and experience. They will need to be capable of exercising sound judgment with appropriate balance and timing, and to examine and opine on a broader range of subjects. Without this, it is unlikely that teams will come close to achieving the standing and credibility the guidance envisages.

Meeting this benchmark, however, is not a task for internal audit alone. The full engagement of boards and senior management will be indispensable. To this end, I believe support from both the regulators and the Financial Reporting Council would add considerable weight and provide a firmer grounding for the guidance.

The guidance also raises several practical issues and questions about implementation – examples include how to apply the guidance to small teams or in financial institutions with parent companies located outside the UK. There is also the matter of potential “spill over” to non-financial sectors. These will no doubt be debated at length in the coming months.

Launched in July, the guidance aims to increase the effectiveness of internal audit in financial services, enabling it to play a more active role in improving governance and behaviour. It was produced by an independent committee, established by the IIA and chaired by Roger Marshall, chair of the audit committee at Old Mutual and a director of the Financial Reporting Council, which sets standards for accountancy and corporate governance. Its principles can be applied across the UK’s financial services industry and it gives boards and regulators a benchmark they can use to assess the effectiveness of their internal audit functions.

The recommendations are in line with calls by the sector’s regulators to strengthen internal audit’s independence, role and scope. They also address the Parliamentary Commission on Banking Standards’ concerns about internal audit’s ability to raise risk management issues. The guidance states, for example, that the chief internal auditor should have the authority to challenge the executive and communicate concerns to the board. Meanwhile, the scope of internal audit should be unrestricted so internal auditors can assess the management of any risk in the business. It recommends that internal audit assess whether processes and actions are in line with business values, ethics, risk appetite and other policies. The primary reporting line should be to the chair of the audit committee.

The committee also recommended that the IIA should develop guidance on how to apply all this in practice. The institute is therefore researching how organisations operate now and how they will need to operate in future, identifying gaps and actions required. This will inform work in areas such as culture and customer treatment.

The guidance takes into account recommendations by the Basel Committee and the US Federal Reserve and builds on the IIA’s International Standards. To read the guidance and see how it relates to the IIA’s International Standards visit www.iia.org.uk/financial services.

Words: Alice Hoey

The new guidance: challenges & opportunities

The IIA’s new guidance, “Effective Internal Audit in the Financial Services Sector”, will be one of the summer’s essential reads for many in the industry. But will it achieve its aims and how easily can it be implemented? We asked experienced senior internal auditors for their views.

Bernadine Burnell, group chief internal auditor, Legal and General

I welcome the publication of the IIA code. It has come at a time when the financial services sector is regrouping after what has been a very challenging period for the industry as a whole.

At the same time, organisations will need to give careful consideration to the breadth of change required, as this is an ambitious code, one that will take time to implement and fully embrace. There are likely to be significant impacts in terms of the skills and knowledge required in internal audit teams in the future. The time, effort, complexity and investment needed to deploy the changes in full should be properly evaluated and a pragmatic approach taken, dependent in part on the size of the organisation.

With appropriate support from management and boards, there now exists an opportunity to ensure that internal audit’s adoption of the code will achieve higher standards and help in continuing to raise the bar.


Ian Whybrow, head of internal audit, Vanquis Bank

The new recommendations are a positive and proactive step forward. However, as they echo the sentiments of the Basel Committee on Banking Supervision’s paper, “The internal audit function in banks”, produced in June 2012, they shouldn't be dramatically new to heads of internal audit.

These are principles rather than detailed rules and so their interpretation is very much subjective. To use these guidelines fully, therefore, internal audit teams should speak to their peers to get a different point of view and to challenge their own. I would very much like to see the Banking and Financial Services Internal Audit Group drive this forward with regular workshops and networking opportunities.

The profession has to be realistic; the code will take time to embed and there will be teething problems. HIAs will face challenges from the board and the audit committee in putting these recommendations into practice. It will be important to get the board and audit committee to embrace the code fully, and I hope the recent joint Prudential Regulation Authority/Financial Conduct Authority statement will put some weight behind this. Another challenge for HIAs will be making the recommendations work for their teams and companies while adhering to the underlying principles behind them.

It is an interesting time to be in financial services with two new regulators and emerging markets with their own unique needs, as well as the development of service and acquisition channels that would have been thought of as science fiction less than 20 years ago. I believe these recommendations, along with the proposed additional guidance on the application and implementation of them, will help to strengthen this industry.

Michael Roemer, head of internal audit, Barclays

There will be several challenges in implementing the new IIA code, but it will pay big dividends. It will add clarity around expectations of internal audit in financial services from within the industry and from our regulatory partners. It will also push the industry towards a more proactive approach around governance and culture, and allow IA departments to improve the way they leverage the vast amount of knowledge they have.

One challenge for firms will be designing audit methodologies around culture, as there are not many firms that I'm aware of that are currently auditing culture. That methodology needs to be fair and balanced, robust and fact-based, and be able to be used not only by the board audit committee and board of directors, but also by the firm itself to drive constant improvement. It needs to meet the spirit as well as the letter of the guidance.

At Barclays we are in the process of designing our audit methodology, and are coordinating with our ongoing change programme, Transform, which has a major focus on values and behaviours.

The code may be toughest to implement for smaller firms with limited resources and capabilities, but there are other issues for larger businesses such as ours. We operate in many jurisdictions around the world and must coordinate the recommendations of the IIA code with the requirements and regulations in those jurisdictions. We plan to take the most conservative and the most constructive aspects of each and raise the bar to make sure we meet them all.


Douglas Flint, group chairman, HSBC

If boards are to preserve their organisation’s right to self-determination in all foreseeable circumstances, they need to seek assurance that these systems of control and their inherent vulnerabilities are subject to validation, challenge and testing by an appropriately qualified and independent internal audit function led by a recognised leader within the organisation.

The institute’s leadership in developing recommendations aimed at fostering effective internal audit plays a critical role in designing such a system. This is an edited extract from Douglas Flint’s speech at the IIA annual dinner.

Pam Kaur, group head of audit, HSBC

The new code represents significant progress in the evolution of the internal audit profession and places it alongside other well-recognised disciplines – but only if the opportunity is properly grasped. The guidance moves things in the right direction and so raises the bar for internal audit functions. As a result, there will be heightened expectations from all stakeholders.

We are pleased to see internal audit's primary role being defined as “…to protect the assets, reputation and sustainability of the organisation”. This significantly broadens its remit beyond “providing assurance”. The emphasis on areas such as strategy and culture emphasises the heightened expectations. It is pleasing also to have clarification about the unrestricted nature of internal audit's role, up to and including the information provided to the board for its decisions. Ultimately, internal audit functions must earn the right to influence and be listened to by producing relevant, informed, forward-looking and insightful work.

The requirement for internal audit to include within its scope the risk and control culture of the organisation will present some challenges. This is an area that has received a significant amount of regulatory focus in the aftermath of the financial crisis. Specific tools and approaches will be required to assess this, and careful consideration will need to be given to how conclusions are reported to stakeholders, as many will not be used to internal audit functions providing opinions on this area.

The guidelines will require careful communication to management and, initially, the responsibilities in relation to certain areas, such as strategy, may generate resistance. To some extent we must manage expectations; change won't come overnight. Ultimately, the guidelines won't guarantee to prevent a repeat of the banking crisis, but they represent a significant opportunity to help avert the worst excesses.

Dr Ian Peters, chief executive, IIA

The new guidance gives internal audit the potential to play a much more significant role in supporting better management of risk in financial services organisations. The importance of this role is recognised by the Banking Standards Commission and others, including the financial services regulators, who see the need to strengthen internal audit's independence, role and scope.


Jim Pettigrew, audit committee chair at Aberdeen Asset Management

The new guidance is a most welcome initiative that should prompt audit committees to undertake within their own organisations a gap analysis between existing practice and these new provisions. Over the next few years the successful internal audit functions will be those that master in an effective “value add” manner the new requirements around strategy, risk and culture. The challenges around these should not be underestimated, with significant implications for internal audit resources and a real risk of creating expectation gaps that will need to be managed carefully.


For details and brochure see [email protected]

Take control of your business processes with ICE

Maintaining an internal control framework that is fit for purpose in these challenging times is imperative. Doing so presents a significant challenge.

ICE helps organisations design, document, monitor, report, and continuously improve their internal control environment.

IIA qualifications open evening

24 September 2013, 17:30 – 20:00

We are hosting our qualifications open evening, so come along and hear from the experts on how getting qualified is going to get you where you want to be. This will also be a great opportunity for a drink and a chat with your peers.

Hear from a chartered head of internal audit, on his rich and varied career in internal audit and why all his staff have to be qualified. Newly qualified students will be on hand to let you know first-hand the implications of studying and what they got out of it.

• Why is it so important to get qualified?

• Find out what you will learn, how long it will take and much more

The IIA qualifications team will be on hand to answer all your questions.

Contact for more information: email [email protected] www.iia.org.uk/studenteve


Things are changing in financial services. Aberdeen Asset Management is a FTSE 100 asset management company and its internal audit team has just completed its first full audit of culture and strategy. Scott Strachan, head of internal audit, explains.

Cultural asset

Words: Ruth Prickett Photographs: Peter Searle


Scott Strachan prefers small companies. He likes the intimacy of small teams, direct contact with senior managers and the way small management teams make quick decisions. This may seem odd given that he is global head of audit for a company that employs 2,000 people in 24 countries, joined the FTSE 100 last year and manages over £222bn of invested funds.

However, when Strachan joined Aberdeen in 1999 he was one of two internal auditors among only 338 staff. Since then the company, which manages investments for institutional and private investors, has grown fast. Some of this has been by acquisition – most recently taking on assets and clients from Artio Global Investors Inc and SVG Advisers. Even though it is now in the FTSE 100, the company has retained much of its original culture and a collegiate atmosphere of a small team, Strachan says.

“We’ve grown quickly and have acquired a lot of assets and staff so we’ve had to blend many geographical and company cultures,” he says. “We’ve always been aware of the importance of getting this blending process right, but since the financial crisis culture has become more high profile.

“As always it’s balance. We want to remain dynamic and entrepreneurial and true to our operating model while ensuring the right overarching value framework,” he adds.

He is keen to hang on to this. Fortunately, he is in the right place at the right time to help preserve this nebulous commodity. Culture is the word of the moment in financial services firms – and they’re not talking about sponsoring an opera at Glyndebourne.

From words to actions

The report of the Parliamentary Commission on Banking Standards put culture and behaviour at the heart of sustainable financial services. Everyone agrees that better knowledge of organisational culture and the way in which employees behave could have helped prevent the global financial crisis. The emphasis is shifting towards seeing staff behaviour as a key risk and as a worthy subject for internal audit. But translating these good intentions into practice is more difficult.

These pressures, plus the fact that the company’s non-executive directors were looking into issues around company culture, prompted Strachan to start Aberdeen’s first full audit of culture and strategy. While many organisations are talking about this, he believes that Aberdeen is one of the first, if not the first, actually to complete this kind of audit.

The process involved many elements that broke the mould of traditional internal audits (see Behaviour therapy, facing page). Strachan’s long experience at Aberdeen and the fact that he has seen the company grow from a genuinely small organisation proved a huge advantage in this project.

“I don’t think I could have done this audit eight years ago,” he says.

He acknowledges the debate about whether rotating heads of internal audit increases their independence, but he believes there are also strong arguments in favour of HIAs having a long-term relationship with the business.

“You get to know the executive team and the feel of the company and you develop relationships and a breadth of knowledge that only comes with time in the role,” he argues.

Although Aberdeen’s staff retention is good, Strachan says, both he and the company’s senior management recognise that they can’t rest on their laurels or ignore the importance of incorporating new employees.

“We’re trying hard not to lose the positive aspects of our culture, while ensuring we meet requirements for corporate structure and governance and address expectations and manage perceptions in this area,” Strachan explains.

“Balancing these, while creating the right level of assurance is a personal challenge – I have to reassure the regulators that when we make decisions all the right checks and balances are in place.”

Reputation, reputation, reputation

The challenges of maintaining the right culture for growth while meeting regulatory requirements and preserving the ethos of the company feed into the most important overarching risk for any financial services firm – reputation. “Whatever projects we are working on we have to consider reputational risk. Without trust we have no business model,” he says. “And reputation can be damaged so quickly.”

In addition to core risks of regulations and reputation, Strachan’s team, which now numbers 23 plus support from a big four firm, also has to consider a further range of risks. “You name a risk that has to be recognised and managed, our business has it,” Strachan says.

Auditing product risk, for example, includes looking at whether products are stress-tested, true to the organisation’s investment principles and whether they meet client needs. Furthermore, Strachan’s team has to look at risks associated with trading. “We can have every system going, but if trades are instructed or executed incorrectly, the impact can be significant. Not only financially, but also from a regulatory, client and reputation angle,” he says.

Rogue traders are less of a risk at Aberdeen, Strachan believes, because “we don’t have star managers”. Instead, the company tends to make team decisions following a well-established investment process, which Strachan says is a key safeguard. “This is another area that stems from culture,” he says.

Strachan’s team is based in five countries and completes about 80 audits a year. The challenge of keeping abreast of rapid change means that in the past year he has developed a new process for planning these audits. The company used to have a traditional audit plan, but now operates a “three plus nine” system.

“I report directly to the audit committee and, rather than giving them a yearly plan, I now give them a list of audits I believe we should do in the next three months plus the risk story behind each,” he explains.

“Then I tell them the audit themes that are likely to be a focus for each division in the company over the next nine months. We’re not committed to these audits, so we can change our minds quickly if the situation changes.”

Once the audits are completed, Strachan’s team produces reports that are usually one page long.

“No one wants to read a 25-page audit report, so there’s a risk it will be ignored,” he says. “Give an executive one page and they will read it and understand it. A lot of this is about discussing the issues before you produce a report. Then it’s about good communication. The more words you write, the more likely you are to lose the thread and the higher the risk that people will misinterpret your message.”


Scott Strachan: in numbers

• 1990 studied accountancy at Abertay University. Joined accountancy firm Frame Kennedy & Forrest in Inverness.

• 1993 qualified with ICAS.

• 1994 Joined Northern Audit Services, later acquired by Coopers & Lybrand, which merged to form PwC in 1999.

• 2000 Joined Aberdeen Asset Management as internal audit manager.


Behaviour therapy: how to audit the intangibles of culture

When the regulators visited Aberdeen Asset Management late last autumn they were keen to talk about corporate culture. So were the non-executive directors who had been discussing the issue. In consultation with directors, Scott Strachan looked at the risks and decided he needed to audit culture and strategy. There was only one hitch: there was little evidence of formal models to follow or benchmark against.

So Strachan called in Tim Cox, his head of EMEA, and asked him to come up with one.

“I go along to various HIA forums and this is something that has been on the agenda repeatedly over the past 12-15 months,” Cox says. “But nothing solid came out of these.”

He started planning the work in February this year. In April he and Strachan made their first presentations to members of the executive committee and a number of the non-executives. In considering their findings, they drew on past audits and debates about well-known and established themes. They then asked their audience to discuss these and provide feedback.

Cox says this was as much about facilitating conversation and debate on these themes as providing formal testing evidence.

“They were engaged and supportive,” Cox says. “The regulator has been talking about how behaviours indicate culture and ways to measure behaviour. Much of this is about tone from the top, so we knew we had to engage all the people at the top of the business.”

Next, Cox spoke to HR. This was important because the key tools he had identified for influencing behaviour were job descriptions, remuneration policy and the appraisal process.

The discussions led to enhancements of appraisals. “There had to be a clear link between appraisals and reward and it all had to focus ultimately on accountability,” he explains.

In July Cox and Strachan met the audit committee and, with the sponsorship of the deputy chief executive officer, tabled the business’s action plan and explained how they intended to monitor progress.

“This isn’t a case of 12 actions that will be finished once they’re done,” Cox says. “It is an ongoing process and will have to be monitored in the long term. It will evolve over the coming months.”

Strachan adds: “Culture is now seen as a key issue for internal audit. This initial work and our dynamic approach to it puts us in a good place.” Furthermore, culture will now be considered more formally in other audits. “We will look at issues such as what is the culture on this desk, do the behaviours of these fund managers show the right culture, and do we have things in place to encourage this culture,” Cox explains.

While the audit used evidence of behaviour, the process differed from a traditional internal audit: it focussed on presentations and workshops, rather than one-to-one interviews, documentation review and testing followed by a report.

“Much of culture is intangible and many of the themes highlighted cannot be audited traditionally with hard fact,” Cox says. “It’s these challenges that make it such interesting work.”

Strachan agrees. “This kind of audit uses all our experience and our knowledge of the company and applies these to areas that are less directly quantifiable and helps us to develop new ways of conducting internal audits,” he says.

Strachan also often meets regulators and clients. When he started at Aberdeen he rarely met clients. Now, however, they need to prove that they are implementing good governance procedures so need assurance to feed back to their own investors and regulators.

Reconciling contradictions is a constant in Strachan’s role. He is an internal auditor who loves small organisations, yet has helped his company reach the FTSE 100; an accountant who has introduced one of the industry’s first audits of that most touchy-feely area of business – culture; and a manager who is keen to preserve company values, while helping his organisation evolve in the identification and processing of risks. Financial services firms are in transition and Strachan is demonstrating how internal audit can help them to operate in future.

Scott Strachan is a member of the Internal Audit Leaders’ Forum, and is chair of IIA Scotland.


Culture clash

Words: Wilma Tulloch

There’s no question that organisational culture and its impact on behaviour is receiving increased attention these days. But what are the implications for internal auditors? Is this just the flavour of the month, or the start of a cultural revolution?

In the middle of July, Andrew Witty had a very, very bad day at the office. On this day, Witty, CEO of GlaxoSmithKline, found out that his vice-president of operations in China had admitted, on national TV, that he’d paid almost half a billion dollars in bribes, fooled GSK into paying for non-existent conferences, and hired prostitutes to oil the wheels of commerce. This confession came hard on the heels of a GSK four-month internal investigation that confidently proclaimed it had found “no evidence of wrongdoing”. About a month before these events, Witty had given an interview to Bloomberg Businessweek, in which he’d opined: “I’ve tried to keep us focused on a very clear strategy of modernising ourselves, changing our culture to create much more values-based decision-making, and looking to try to make sure the company’s agenda is in line with society’s expectations. We’ve gone through lots of challenges, but we sit here with a substantial degree of optimism.”

Yet despite almost doubling the compliance department and imposing a “zero tolerance” policy on bad behaviour, it seems another “challenge” has emerged for Witty to contend with. GSK’s reputation is once again heading resolutely south, and the company’s difficulties are once more being ascribed to a problem with its culture.

“Snouts in the trough”

Not that Glaxo is alone. Talk of culture is everywhere these days. MPs have accused the BBC of a “snouts in the trough culture” over six-figure payoffs. The policing minister has told the force to banish its “canteen culture” after a series of scandals. The outgoing head of the NHS in England admitted to “a culture of denial”, while his national medical director is seeking to end “a culture of secrecy”.

Culture is preoccupying a lot of minds at the moment. Especially, it would appear, in financial services, where a culture of greed and excessive risk-taking was widely seen as the cause of the financial meltdown of 2008.

Fast forward five years and now that financial institutions have stabilised, policy makers are seeking preventative measures designed to stop a repeat performance. Consequently, in February this year the G20’s Financial Stability Board set the agenda by recommending that the internal audit function now needs to audit on a regular basis the effectiveness of corporate governance within firms, and report on that effectiveness to the main board.

This too was the theme of the speech by Douglas Flint, chairman of HSBC Holdings, at the IIA’s annual dinner this year. He highlighted the emergence of culture as a theme in the report by the Parliamentary Commission on Banking Standards and the role cultural audits should play as a key to helping restore trust in banking.

So, if culture and the corporate governance structures that shape culture are set to become much more of a focus, what does this mean for internal auditors?

The golden thread

According to Susannah Hammond, senior regulatory intelligence expert at Thomson Reuters, sooner or later (but probably sooner) everyone will need to get involved with cultural auditing, no matter where they work. As she puts it: “It’s very clear that in terms of governance, what is starting with financial services is percolating out.”

However, Iain Grieve, head of internal audit at Circle Housing Group, one of the UK’s largest housing associations, feels that cultural auditing is not entirely new.

“I think it has always been there,” says Grieve. “To me a big part of internal auditing is ensuring that the behaviour and the attitudes of staff support the wider vision and goals of the organisation – this is something we have always considered in our audit reviews.”

Grieve explains that for him cultural auditing starts with vision and values. “One of the key things for us is our strong mission to enhance life chances, and vision to put customers and people at the heart of everything we do. Our executive team works with the leadership team to instil in the organisation a clear business plan and priorities,” he explains.

He looks for what he calls “a golden thread” between the vision and the core objectives of everyone who works for Circle, which manages about 65,000 properties. “If you were to conduct a cultural audit, one thing you could do is undertake a review of the staff objective-setting process – to ensure that individual objectives support the vision of the organisation,” he says.

Perhaps good behaviour is easier to find in the third sector, where staff are motivated by more altruistic impulses. Yet Hammond agrees entirely about where culture comes from. “Culture and corporate governance are absolutely set from the top of the firm,” she says. “And I can’t really overemphasise how important the tone from the top is. It’s not just the CEO saying this is our policy on X, Y and Z. But also the senior managers backing that up by being seen to live and breathe those things and take them seriously.”

The question remains, how do you assess that everyone is living and breathing these correct behaviours?

The biggest impact

Ben Willmott, head of public policy at the Chartered Institute of Personnel and Development (CIPD), thinks HR ought to be the first port of call. “HR is the function with the potential to have the biggest impact on organisational culture,” he says.

The drivers for creating a positive culture and ways of spotting when things are going wrong are core HR territory, according to Willmott. More than that, HR can provide a range of data to help gauge culture, from absence rates, staff turnover figures and exit interview data, to accident rates, employee engagement survey data, and qualitative and anecdotal information from focus groups and workshops.

Remuneration, appraisals and discipline are key touch points for measuring culture. On remuneration, a recent CIPD report revealed that nearly two-thirds of financial sector workers still believe their organisation’s incentives reward inappropriate behaviour. Willmott says employers need transparency and clarity about what people are being rewarded for and which behaviours they incentivise.

Appraisals and performance monitoring are also important for understanding the culture of an organisation and demonstrate how seriously the organisation listens to its staff. In the case of Circle Housing, Grieve notes: “As auditors, we place a lot of emphasis on our leaders to monitor performance and we expect sufficient management assurance to be in place to demonstrate a culture of effective performance monitoring”.

Discipline is also a way to understand whether procedures and policies are taken seriously. An inconsistent disciplinary structure corrodes a good culture. “If a member of staff or a contractor is not performing against a set of objectives we would expect management to demonstrate to us that appropriate action has been taken,” says Grieve.

Visible support

Hammond recommends that IAs talk to the board or the audit committee to make sure that they really understand what’s needed to carry out cultural auditing. The reason, she says, is that “it’s the board or audit committee that will provide the visible support for the auditor internally and, without it, internal auditors will not be able to assess the effectiveness of corporate governance because they won’t get the support from the rest of the business to do it”.

Grieve agrees. “If we identify issues related to culture or corporate governance as part of an audit review, I feel I have a good enough relationship with executive team members to highlight this and work proactively towards the best solution for the business. This, to me, is indicative of a good working culture.”

If cultural auditing is set to become far more important, Hammond sees a clear upside for internal audit. She believes that cultural auditing provides a tremendous opportunity for the IA role to become an even more business-critical function.

“It’s not without its challenges, absolutely,” she says, “but I think internal auditors should approach it as an opportunity for themselves, and a way to help their firms to survive into the future.”

For details on how Aberdeen Asset Management introduced its first cultural audit see “Cultural asset”, page 18.

Hear that whistle blow

At time of writing, Edward Snowden, the man who leaked details of top-secret US surveillance programmes, is holed up in Russia. He’s been dubbed a “whistleblower” by the media and a “traitor” by the US authorities. It raises the question, should organisations be encouraging staff to blow the whistle or not?

Ben Willmott, head of public policy at the CIPD, believes that organisations ought first to have a culture where people feel confident about speaking up when they see something wrong. “It’s not just about whistleblowing,” he says, “it’s about showing staff that you’re interested in what they have to say. Without that culture, a hotline alone won’t prove a panacea.” But he still believes that a whistleblowing procedure is worth having to provide a safe channel where staff can raise concerns.

Meanwhile, the UK government now has a published policy on whistleblowing (https://www.gov.uk/whistleblowing). It advises that workers are eligible for protection by law if they honestly think that what they’re reporting is true. However, workers lose that protection if they break the law, for example by breaching the Official Secrets Act. Snowden is deemed by US authorities to have broken the equivalent law in the US, hence, for now, his fugitive status.


Team effort

For the 50,000 pilots and the airlines responsible for the 19,000 UK-registered aircraft that the Civil Aviation Authority (CAA) regulates (among other things), it is the gatekeeper. For those travel organisations that impact on the safety and financial security of the UK aviation consumer, it is a force to be reckoned with. Andrew Alsop, head of internal audit at the CAA, explains the innovative resourcing programme that he has set up and how this is increasing both the capabilities and the profile of internal audit in the organisation – as well as, ultimately, reducing its dependence on external support and helping it to meet tightening budgets.

Internal audit at the CAA conducts two main categories of activity – risk-based assurance audits and consultancy audits. The former are authorised annually by the audit committee and cover areas such as training and recruitment, sickness absence, procurement and accounts payable and the business processes surrounding the issuing of Certificates of Airworthiness and management of the Air Travel Organisers’ Licence (ATOL) scheme. The latter are audits requested on an ad-hoc basis by managers.

The team consists of 1.7 full-time equivalent internal auditors, supported by an external team at KPMG and up to ten people from other CAA departments who are seconded into the team for about ten days a year each and are at various stages of training and experience. We completed an external quality assessment (EQA) with the IIA last year and it found the way in which we resource our team is “unusual, perhaps unique”.

When I joined the CAA five years ago the audit committee was keen to introduce a secondment programme from other parts of the business. They saw it as a chance to give people from all departments a chance to learn about the wider organisation, gain experience and opportunities to develop, so helping staff retention and satisfaction.

Previously I had spent ten years at Deloitte delivering internal audit services in both the UK and Australia and had seen various models of secondments to internal audit, but none worked brilliantly; although a stint in internal audit was often a stepping stone to managerial roles. Generally most of these schemes hit problems regarding sustained engagement and “buy in” from the business that we too initially encountered. We quickly realised that to make secondments really work we needed to develop a robust structure, including providing timely feedback to line managers, regular training sessions and having close links with the appraisal and development processes.

The other issue was the perception of internal audit. It was important to promote it as a risk-based assurance function, rather than as “process police”, which is what some stakeholders still saw it as.

The CAA’s income is directly affected by the level of UK aviation industry activity, meaning that my budget has reduced over the past few years and we need to get more from our resources. We wanted to build greater understanding of the audit process, reduce our reliance on external support, plus we hoped that audit experience would help individuals to identify weaknesses or improvements in their own departments that would benefit the organisation.

What does the CAA do?

The CAA is the UK’s specialist aviation regulator. Its activities include: making sure that the aviation industry meets the highest technical and operational safety standards; protecting consumers’ rights; enhancing competition; preventing holidaymakers from being stranded abroad or losing money because of tour operator insolvency; planning and regulating all UK airspace; regulating airports, air traffic services and airlines; and providing impartial advice on aviation policy. It was founded in 1972 by Parliament and regulates around 50,000 professional and private pilots, 12,400 licensed aircraft engineers, 2,350 air traffic controllers, 2016 commercial air operators (including airlines), 141 licensed aerodromes, 950 organisations involved in designing, producing and maintaining aircraft, 2,400 ATOL holders and 19,000 aircraft registered in the UK. It is based in offices in London and Gatwick, plus some smaller regional offices.


The scheme we introduced in 2009 is a three-to-four-year programme involving a minimum of ten days a year for each team member (although some people manage to do more). I chose ten days because a larger time commitment might present issues with line managers not wanting to let people go. The “carrot” was that after participating in three or four audits and helping to pull together one of the quarterly audit finding status reports, members attend two audit committee meetings, first to observe and then take minutes. This lets them see how the issues and management actions they have created are received and discussed by the audit committee and senior management.

The annual time commitment includes a half-day training session every six months and a conference call for the alternate quarters. Members sign up for specific audits and some are now reaching the stage where they would like to take on more responsibility for planning and fieldwork processes. One of my long-term objectives is to introduce a train the trainer scheme, with senior in-house members mentoring less experienced members.

The process hasn’t all been plain sailing. We started out with about five members, but after battling to get people involved I realised that I had to formalise the programme and link it to our performance management process. Now all team members have a specific IA-related objective in their annual performance plans as well as set objectives for each piece of IA work they undertake. Performance against those objectives is discussed on the last day of the audit and the complete form is sent to their line manager as evidence for their end-of-year assessment. This led to another learning point – it’s important not to underestimate the amount of admin involved in a programme like this.

Often line managers are reluctant to release staff, and it can be frustrating if people pull out of training sessions. I have found it useful to explain that audit tasks can’t be undertaken without foundational training. It’s also a wasted opportunity because we only hold sessions every six months and I usually involve our KPMG team members to give a wider audit industry perspective. Some sessions take place at KPMG’s offices to get the CAA team out of their immediate surroundings and show them another side of internal audit services.

I also learnt lessons about training content. People come from different backgrounds and with different experiences and there is no one-size-fits-all training package. Not everyone is interested in the technical side of what we do, but most are interested in the human and psychological aspects. We try to make the training enjoyable and have short quizzes with prizes as well as sessions on core topics such as report-writing, the internal auditor’s responsibilities around fraud and de-mystifying the finance function.

It was obvious from the beginning that we needed the support of line managers. Giving formal feedback has helped, and we invite line managers to attend a one-hour video conference update every six months. It was important to demonstrate how their teams would benefit from building additional skills and gaining a better overview of the business; especially as I wasn’t being cross charged any overhead costs for their participation. We also stressed the staff retention aspects and the value of having someone on the team who can spot early signs of potential problems in their business area.

The audit committee’s support has been essential and we report back annually to explain the contribution of the CAA team, showcase the skills developed and savings on external consultancy fees.

Jane Campbell: What it means for me

Jane Campbell, a part-time member of the CAA internal audit team and full-time aeromedical certification officer, explains why she has enjoyed working with internal audit so much she’s now studying for the IIA certificate.

I was one of the first people to join this scheme about three years ago. I’ve worked for the authority for many years and my department deals with the medicals required for UK commercial pilots, private pilots and air traffic controllers. I read a newsletter article by Andrew about his role and that of internal audit. I knew nothing about it and assumed it was some kind of scary police function. I was particularly interested to hear that internal auditors met people from all parts of the organisation. I could see opportunities to learn and to get a proper overview of what the CAA does.

I started by shadowing Andrew and the KPMG internal auditors. At first I was daunted by the skills needed for the interviews (what to ask and when, how to deal with difficult, busy clients and how to shift between different areas of the business quickly) plus all the documentation required, from recording what people said and deriving key risks and controls to writing the working papers and reports.

But this made it exciting. I’ve done an Open University degree and I like a challenge. I like to understand what I’m doing, know I’m doing it properly and the theory behind it. That’s why I wanted to study for an IA qualification.

Once I found out about the IIA courses I presented the business case to my manager and to Andrew. I had to explain how it would help me, my department, the organisation and the internal audit team.

My boss then threw me in at the deep end and asked me to analyse a complex process and come up with a report suggesting ways to streamline it. I’m still proud of this mini-audit, but if I did it again I’d do it differently. I’ve learnt so much since then.

I love audit work and when I return to my desk I feed my overall experiences back to the rest of the team. It’s fascinating to work in other parts of the organisation. My department has been hugely supportive. I tell them it’s a challenge and gives me a much broader view of what we do.

In particular, it’s shown me the role of the audit committee and board meetings. I can now say to people: “This may not look relevant to us, but it is important because it will have this effect on our work or business.”

Internal audit is so different from my normal job that it’s like switching on a different part of my brain. I always come back to my desk tired but mentally refreshed, and it can change the way I see the things I do.

Each time I start an internal audit I have to identify my objectives and the lead internal auditor gives me tasks to support these and feedback afterwards for my annual performance review.

I hope to complete the certificate by February and I’d like to do the diploma. Andrew is helping me to identify which audits will give me the experience I need. The IIA workshop process has been great for meeting people and the tutors have been fantastic. The skills can be used in lots of ways. I just wish I’d known about internal audit ten years ago.

For information about the IIA Certificate in Internal Audit and Business Risk visit www.iia.org.uk/certificate.

The programme is now starting to pay off. It has helped to re-educate people about what internal audit involves and has raised its profile across the organisation – I’ve had to turn people away for the first time, rather than chasing recruits. Not only have people gained a new perspective on the business, but some have gone back to their day jobs and improved business processes because of things they have learnt.

Financially, we have reduced our spending on external support by around 10-15 per cent. We still depend on external resources for specialist skills, although the way we use the external team has shifted. I’m hoping that we may be able to reduce our use of external support further when we have more people trained up, but it’s not our primary focus for now.

One issue that will be more of a concern in future is the potential for conflicts of interest affecting team members’ independence and objectivity during audits. My aim is to have at least one team member from each area of the business so that we always have an alternative if a conflict emerges. However, the authority plans to get more people involved in cross-functional project teams, which may mean we need to make additional use of external resources.

The next initiative is to develop a skills matrix for each team member. This will record the core skills already held and experience gained in each key element of an audit. This will enable us to allocate our resources more effectively and help team members to focus their learning objectives for individual assignments. It should also help us to demonstrate better the value and benefits of involvement in internal audit and enable us to benchmark our progress year on year.

For information about IIA External Quality Assessment, visit www.iia.org.uk/eqa.


Time out

Words: Neil Hodge Illustration: Toby Morison

As the fall-out from the financial crisis moves into its sixth year and the UK inches its way along the brink of recovery, private and public sector organisations continue to cut costs and axe jobs. Internal audit is not immune, but internal auditors are much more employable than they might think – they may just need to broaden their perspective.

People should not be put off accepting short-term placements: in this market it might be all that’s available.

Few people welcome being made redundant, but with some preparation and positive thinking, internal auditors who lose their jobs can bounce back. The experience can even be positive if it forces you to reconsider your long-term goals. Some take the opportunity to move into another audit position, but others end up moving into a new sector or even change profession or working environment altogether. The important thing is to remember the value of your qualifications, how much your current role has taught you – and, even more importantly, what you have to offer potential employers.

The longer you’ve been in a job or a company the more of a shock it is to move. But comfort can also be a trap and it can be good to reassess your career and think more widely about what you really find rewarding, what you need to live on and where you can add the most value. You may surprise yourself. No matter how much warning you have of an impending move, a good start is to take stock of your strengths. You can’t sell a product until you know what it is.

For a start, most internal auditors are qualified. Simon Taylor, director at Venn Group, which places contract and interim risk and compliance staff, says that qualifications such as CMIIA, ACCA, CIMA, ACA and CISA are always sought after, particularly in accounting, finance and IT organisations. Many internal auditors also have experience in the big four accountancy firms.

Even more importantly, the nature of internal auditing means that any internal auditor thinking of moving to another position should remember that they will have accrued valuable working knowledge of their whole industry during their career. Taylor points out that most will also have a proven track record demonstrating desirable skills such as project management, which can be applied in many other roles and sectors.


Case study: Deborah Foulkes

Deborah Foulkes CMIIA, who recently became an internal auditor with national accounting firm RSM Tenon, had been an internal auditor with Wrexham County Borough Council for seven years when she decided to take a senior internal audit post at Chester City Council in June 2007. Unfortunately, her move coincided with the start of the global financial crisis, which resulted in the council merging with several other local authorities, so Foulkes took voluntary redundancy as job cuts loomed.

However, she kept herself busy working on short-term contracts, the first of which was for two months as an external auditor at the Wales Audit Office. There then followed two separate stints as a principal auditor for NHS audit contractor Mersey Internal Audit, and latterly a 14-month appointment as a senior auditor at Wirral Borough Council. She also volunteered as a teacher for an Asperger’s charity, and became a distributor working from home for a slimming and nutritional products company.

Foulkes regularly updated her skills, experience and work availability through social media websites, such as LinkedIn, Facebook, Gumtree and Twitter, and changed her profile status to say “seeking new opportunities” so that recruiters linked to her pages could see that she wanted a full-time position.

Although she would not have chosen to change jobs so often, Foulkes believes that the variety of work she has done in the past four years helped secure her latest role.

“I have gained a lot of different skills and experience since being made redundant from my last full-time job. Working for a global nutrition and weight management company, other local authorities, internal audit providers and in the NHS gives you valuable insight into how those organisations work, and the expectations of their clients,” she says.

“It has made me more confident and given me a deeper understanding of internal audit work and customer care.”


“Regardless of their sector, internal auditors are skilled at risk assessment analysis and design and delivering strategic plans for improvement. When selling transferable skills to potential employers, this should not be overlooked,” Taylor says.

Value-added people

Yet internal auditors are often poor at marketing their expertise. Martin Robinson CFIIA, a licensed career coach and internal audit consultant, was formerly head of business audit at Lloyds TSB. While at the bank, Robinson became a career coach to advise those who were being made redundant about how their skills and experience were transferable within the group and that their expertise was sought after by employers.

He found that most people do not recognise the value of the skills that they have developed and are therefore bad at selling them to potential employers. This is especially true, he says, when people apply for internal audit jobs in different organisations or different sectors, or when they apply for another type of role.

For example, he says, internal auditors in the public sector often feel that their experience restricts them to looking for other public sector internal audit positions, and that audit jobs in the private sector are “off limits”. Similarly, internal auditors with, for example, comprehensive IT audit skills, are reluctant to apply for jobs in IT security even though they may have years of experience in major organisations.

“Internal auditors often undersell their skills and do not realise that they could – and should – demonstrate to prospective employers that they have the experience and knowledge to fulfil a particular role, even if it is outside internal audit,” says Robinson. “The key is to examine the role you are applying for and show how your skills, experience, training and qualifications can meet the requirements. Spell out exactly how you are capable of doing it, rather than hoping the employer will make the mental leap.”

Simon Drury, managing director at coaching specialist the Art of Reinvention, agrees. “One of the keys to success in believing you have transferable skills is to consider them generically instead of applying them only in the internal auditing context. Prospective employers are more interested in what you can do for them, rather than what you can do. If they perceive the benefits to them (and their clients) of employing you, they are far more likely to ‘buy’ you, so focus on the benefits,” he says.

A useful exercise, says Drury, is for candidates to write down exactly what they can do for their clients right now, such as coaching people so that they feel more in control, confident and able to problem-solve without supervision, which demonstrates candidates’ leadership qualities. They should then identify three real-life “case studies” that they can use as examples to give prospective employers.

A tailor-made CV

It’s also important to tailor your CV to every job you apply for – there’s no such thing as a one-size-fits-all CV. “Each company is different and each requires different skillsets and experience, so you need to rejig your CV to place those matching skills at the top,” advises John McLachlan, managing director at training and leadership development consultancy Monkey Puzzle.

Another useful tip is to emphasise skills, rather than the organisations you have worked for. This is particularly true if you want to move into a different profession or move from the public to private sector, he says.

McLachlan also suggests that rather than merely providing a list of dates and job titles, you should consider sketching out a narrative of your key achievements – for example, those demonstrating team leadership, project management, engagement with the board and senior management or explaining how internal audit saved the company millions of pounds through more effective controls testing and risk management protocols. “Relate these experiences to show that you can replicate that success for a new employer – organisations want to know what you can deliver for them,” he says.

Case study: James Paterson

Naturally, people do not need to wait until they face the threat of redundancy to make a career move. James Paterson PIIA, director of internal audit and risk consultancy Risk and Assurance Insights, was formerly a global head of internal audit at pharmaceuticals giant AstraZeneca. After 20 years at the company and seven years as head of internal audit, Paterson decided that rather than moving back into another finance role he would take the plunge and become self-employed.

“Earlier in my career I ran leadership development programmes and did coaching around career choices for others, and this got me thinking that doing more training and coaching while working for myself was something that I wanted to do before it became too late,” says Paterson.

“I had developed skills in training and development in the course of my career and developed a network with a number of auditors and heads of internal audit over the years, and I used these contacts and new relationships to get my business going,” he adds.

However, Paterson warns that if other internal auditors are planning to work for themselves, they have to have a degree of financial security and be honest about their likely client base and offerings. Added to that, they have to be prepared for a degree of uncertainty over cash flow, with no paid holidays or sick pay. “But if you can accept that and make provision for it, there is no reason why you can’t set yourself up in business,” he says.

Temporary measures?

If you decide to sign up with a specialist temp agency, the sooner you do it the better, according to Paul Clutton, UK director at recruitment agency Hays Corporate Governance. Temporary work can help to pay the bills and you may develop new skills and experience. It also enables employers to try employing people who don’t have the exact skills and experience they are looking for, but have long-term potential. You don’t know what it might lead to.

“People should not be put off accepting short-term placements: in this market it might be all that’s available,” Clutton says. “Short-term placements offer variety and can give you valuable experience at a time when you need to show how diverse your professional career is.

“Placements also show that you are flexible and adaptable and that you are prepared to work in different organisations and working environments. They show that you can mix and match your skills and experience to fit the job and that you are not afraid to work with different people.”

The main point is that you should not be too afraid of losing your job, or feel that there is any shame attached to it – it can happen to anyone. And redundancy can be liberating once people get over the shock, says Robinson.

“The experience – although initially painful – can turn out to be a blessing,” he says. “It allows people to reconsider their work-life balance and reassess whether their early career goals have been realised, or if they are still achievable. I know people who have taken the opportunity to move abroad, set up their own business, retrain, work on a freelance basis, or do a variety of part-time roles following redundancy – and most people end up feeling better for it.”


Despite the ongoing demand for risk and audit professionals, we sometimes get “organised out”. In 2012 I was in the uncomfortable position of having to make significant changes to a team I had built. I also faced choices myself, but it had to be done. I was not the only senior audit professional out of a job and soon met others who, while at the top of their profession in effective roles, found that economic pressures or corporate change led to redundancy. So I thought I would share some of the lessons I learnt from what can be an emotional time.

1 Be multimedia.

There are many ways to network and find out what is going on and some roles are not advertised.

• Use the phone, organise meetings, track job sites daily, download job site apps, and set up email and text alerts as well as direct networking.
• Go for beers and coffees with people you know, meet via job searches or LinkedIn.
• Use LinkedIn thoroughly. Examine the contacts of contacts – they may lead to opportunities.
• Only accept invitations from sources that look valuable. Some users just want to add to their network.
• Accept invites from headhunters who operate at your level or slightly above.
• Monitor contacts’ new connections.
• Read job-hunting books for ideas.

2 Know your role.

You may not want to rule out options, but being clear will help you target roles and have effective conversations.

• Be clear about what you want, what you may consider and what you don’t want.
• Consider roles outside your preferred location that may be flexible about your working style.
• Get a job description, identify what the company is looking for and match their needs with your skills and attributes. I used a “T” account. On the left I listed job attributes and skills requested. On the right I showed where my experiences and skills matched. This shows the recruiter you have thought about the role and have done some of their work. Send your CV and your T account to the headhunter and take them to interview.
• Forget any problems when leaving the old role – stick to facts and practise telling the story.

3 Keep active.

It’s an effort when nothing is on the horizon, but a morning on the internet or arranging a meeting is positive. Don’t wait for things to come to you.

• Keep updating contacts, peers as well as consultants and headhunters.
• Start a book of contacts to record activity with each person. It’s easy to confuse what you said to whom.
• Identify those who act from those who talk or just post jobs.
• Follow up with headhunters. Send a regular email even if there is no news.
• Talk to anyone who contacts you. I received a couple of calls from agents I might not have contacted and one proved helpful.
• Thank every contact. People like being thanked.

4 Keep in touch with work-related issues.

Work goes on and new developments may be relevant at an interview. It will also show that you are up to date.

• Network with professional bodies and their job sites.
• Read Twitter feeds, professional body alerts or magazines.
• Think of others who are looking for work even when talking to your own contacts – it shows you’re connected.

5 Spend time on personal stuff.

Do those things you always meant to do when you had time.

• Write an interim “bucket” list of things to do while you’re off.
• Exercise.
• Get up at your normal time and take kids to school (or similar).
• Dress smartly.
• Plan a holiday.
• Set a budget and remember it may need to stretch.
• Throw out old stuff.
• Get a new suit for interviews.

6 Full time or interim?

One agent told me to get into the interim market quickly. Another said it can make it harder to get a full-time role. So I worked out how many months I could last on my normal monthly take-home pay. I then decided to take on an interim role only after a specific period.

7 Once offered:

• Tell contacts your good news – individually, not by mass email. Accept offers to meet for celebratory drinks/lunch/coffee.
• Thank them personally.
• Update LinkedIn.

8 Once in role:

Do all of the above, especially the networking (you never know).

Malcolm Zack left Brakes Group, where he was group audit director, in May 2012. He joined Post Office Limited in October 2012 as head of internal audit, and is also a member of the IIA's audit committee.

Malcolm Zack reflects on an unplanned break after a reorganisation at his former employer and what he learnt while searching for a new role. The opinions here are his own.


Time Out


While I was studying for my ACCA exams in Ireland I read an article about volunteering time for charity. I thought I'd like to do it, so, after moving to Australia and qualifying with the IIA (Australia), I came back to the idea. The partners at Grant Thornton agreed that I could take up to 12 months' leave to work for a charity as a volunteer.

I came across Accounting for International Development (AfID), which was started in 2009, and contacted the founder Neil Jennings to ask whether he had anything suitable. AfID offers experienced finance professionals the chance to use their skills to make a difference as volunteers and gain rewarding hands-on international development experience. Many of its assignments are short (two to six weeks), but it had an organisation in Zambia that was proving a challenge. The previous volunteer had done great work, but the improvements hadn't lasted and they wanted someone with senior management experience to go in for six months.

In 2011 I flew to Lusaka to work for EduSport, a local non-governmental organisation that brings together young people from local communities through sport and offers education in vital areas such as AIDS prevention, family planning and nutrition. It also runs a project called Go Sisters, promoting gender equity and empowerment.

The main focus of assignments is to develop and enhance the skills, confidence and potential of local people, helping organisations to develop the financial management capacity they need to deliver effective programmes, and provide the assurance needed to attract donors.

EduSport’s main donor had become frustrated with its reporting – problems had occurred on several occasions and it was threatening to pull funding. I attempted to repair the relationship and, after the donor visited during my assignment, a decision was made to replace the local finance person. This was tough because I was there to help, not disadvantage someone.

However, it enabled us to promote Nyachi, the assistant accountant. She had started as a participant in the Go Sisters programme and had worked her way through the organisation to become a leader. She shone in the role and it was great to see her progress so quickly. I still mentor her by e-mail.

As Nyachi was performing so well I suggested that I should work on another assignment for a few weeks and then return to see how she was getting on. AfID put me in touch with Diza in Rwanda, an organisation supporting child survivors of the genocide of 1994. Its main project was running and building a school in Rwamagana and I volunteered for a month to do a similar role as in EduSport. This assignment was much smoother. Nyachi coped brilliantly and had only a few questions on my return. I spent another ten days with her before I left Africa.

Much of the work I did in Africa drew on my IIA qualification and really expanded my experience. I had to identify risks, review and enhance accounting and operating environments and create policies to prevent issues arising in the future including a disaster recovery plan. My internal audit skills supported my ability to perform the role.

I learnt a lot working for AfID. I am more motivated because I appreciate what I have after experiencing the challenges there. It was incredibly rewarding to see the difference donors can make in the developing world. I’m better at understanding how to work with people of varying abilities too, and at seeing the big picture.

AfID was extremely supportive throughout. Everything was set up in advance and I received all the necessary information. It put me in touch with previous volunteers and maintained contact to the end.

My best memories are running through the towns and countryside with kids either staring at me or running behind me while training for the Kigali marathon. You hear so much that's negative about Africa, but I was never in danger and people were always friendly and welcoming. It's important for the locals to see you living their life, from shopping in markets, chatting in bars and watching football to eating BBQ goat.

If this is something you want to do, then do it. Arrange time off and go and help an organisation in need. Have a good time.


For more information

Visit www.afid.org.uk

dizarwanda.org

www.edusport.org.zm

www.barefeettheatre.org

www.grantthornton.com.au

Career development

Beyond the comfort zone

If you feel like doing something different, why not volunteer to work with an organisation in a developing country? John Fallon, associate director, audit and assurance, at Grant Thornton Australia, talks about his experiences – and the unexpected rewards – of working with Accounting for International Development (AfID).


Q. We have recently created an ‘audit universe’ to provide the main basis for our annual audit plan for 2013-14. We will also consult senior management regarding their concerns and so on. Our intention is to place limited reliance on risk registers for the annual plan, because the organisation’s risk management framework is far from ‘mature’. We are being pressed to base our plan entirely on the risk registers, but we know their limitations. Are you able to offer any advice on this?

A. Many organisations are still getting to grips with risk management, and where processes are relatively immature it is appropriate for internal auditors to conduct their own assessment of risk to define an internal audit plan. However, we do not think this situation should continue indefinitely. Standards and supporting guidance indicate the assurance that internal auditors provide should be based on the board’s and senior management’s assessment of risk and their assurance requirements. This is the position set out in our position paper on internal audit’s role in ERM.

I’m not saying it is inappropriate to continue to do what you are doing. However, because you are being pressured to move to a position that the institute supports, you should:

• explain to your audit committee why you cannot rely on the risk registers;

• perhaps offer support to facilitate improvement in risk processes as part of your consulting role;

• provide assurance based on those risk registers you can rely on; and

• perhaps offer a broad timescale as to when/how you will move to a fully risk-based approach.

Q. How long should it take to complete an audit?

A. Every audit is different so there is no set duration. That applies even if you are repeating an audit that has been done by someone else as they will have a different degree of knowledge and experience to you.

The way to approach this is to plan out the tests you are going to do and the meetings you need to have and estimate how long you will need, factoring in time from writing a draft report and discussions with management.

The scope of the audit will give you an idea as to the range of tests you will need to carry out and I would talk through the detail with your manager and the person you are auditing, because there may be times when it is not convenient for you to be on site.

The other consideration is the time you will need for preparation. More complex audits tend to take a little longer to research.

Q. Can you provide any advice on an internal auditor sitting on a staff panel? In effect, this is acting as an employee representative on such issues as pay, terms and conditions of employment, changes, grievance and disciplinary hearings, and so on. Processes are in place for declaring interests in relation to our audit work, as is the facility to do so in relation to any projects/work taken on as part of the staff panel. Are there any further controls that should be put in place or is it not advisable to have an auditor in this role at all?

A. As an employee, you have a right, like your colleagues, to be a member of the staff panel. Being an internal auditor shouldn’t deny your involvement.

However, this may have an impact on your work as an internal auditor. For example, it is possible you may be involved in an audit where you have influenced a decision or outcome. The right thing to do is to declare your interest and have another team member cover that area. If you don’t, it may create a perception that you have lost your independence or, worse still, internal audit has lost its independence.

I wouldn’t avoid being on a staff panel but I would declare it and introduce these safeguards. Two practice advisories – PA1130-1: Impairment to Independence or Objectivity and PA1130.A1-1: Assessing operations for which internal auditors were previously responsible – will give you more detail. They are available at www.iia.org.uk/pa1130-1 and www.iia.org.uk/pa1130a1-1.

Q. I have to run workshops for about 200 managers across our group to strengthen our commitment to internal controls. Can you direct me towards any key documents, and references to internal control that may help me?

A. The section of our Resource Library dedicated to control has recently been updated. I’m sure the text and diagrams will give you a good start to your presentation and there are links to more detailed information. You can find these online at www.iia.org.uk/resources/control/.

You asked us

Our technical helpline provides valuable advice to members on a host of professional issues. Here are some of the questions you’ve submitted recently.

Q&A


Almost 300 internal auditors were present to applaud the achievements of IIA members and students at the institute’s annual dinner, which took place at the Guildhall in the City of London on 20 June.

After a thought-provoking speech by Douglas Flint, group chairman of HSBC Holdings, who focused on the outcomes of the Parliamentary Commission on Banking Standards and the ways in which IIA members could help to restore trust in financial institutions, prizes were given to members and students who had exhibited the qualities and ability needed to take the profession forward.

Helen Higgs CMIIA (pictured below, middle) from IIA Wales was presented with a Special Award for volunteer achievement, while Iain Burns CMIIA also won a Special Award. Phil Tarling CFIIA (below, second from right), chairman of the Global Board of the IIA, was given the JJ Morris Award for lifelong contribution to the profession.

Excellence in the institute’s exams last year was also celebrated at the dinner. Nicola Rimmer CFIIA, IIA president, presented Joanne Clewes PIIA (below, far left) and Alexis Stirling CMIIA (below, second from left) with certificates for achieving outstanding results in the internal audit exams. Clewes won the Charles Duly Prize for her performance in the internal audit diploma, while Stirling’s outstanding result in the advanced diploma earned her the Peter Hook Prize.

The Chartered Institute of Internal Auditors will hold its Annual General Meeting (AGM) on 16 October 2013 at MWB Liverpool Street, 55 Old Broad Street, London EC2M 1RX. Formal notice convening the meeting, as well as the AGM documents including agenda, report and accounts to 31 March 2013 and profiles for the nominees for President, Deputy President and Chairman of the Audit Committee, will be available on the website.

Full voting members of the Chartered Institute are entitled to vote at the meeting. If you are unable to attend, you can appoint a proxy to attend, speak and vote at the meeting in your place.

Additional news, features and views are posted online all the time. Go to www.auditandrisk.org.uk to see what’s new.

UPDATE

We round up the latest business and regulatory news to affect the internal audit profession.

A night to remember

Mark your calendar: IIA AGM 2013

Included with this issue of the magazine is your copy of Essential to Success, the institute’s report to members on its achievements during the past three years. It also includes outlines of IIA plans for the next three years. For an electronic copy go to www.iia.org.uk/essentialtosuccess.

Essential to success

From left to right: Joanne Clewes PIIA, Alexis Stirling CMIIA, Helen Higgs CMIIA, Phil Tarling CFIIA and Nicola Rimmer CFIIA, IIA president.


Reporting to the board

How frequently does your internal audit committee interact with the board of directors?

The internal audit function needs to have open lines of communication with the board of directors, to highlight matters of which it should be aware. The IIA International Standards for the Professional Practice of Internal Auditing state that the chief audit executive must communicate and interact directly with the board. The survey revealed, however, that in 61 percent of firms the audit committee only reported to the board on a quarterly basis. It is to be hoped that the internal audit function is engaging with the audit committee on a much more regular basis. It ought to be the case that where internal audit flags up matters of note to the audit committee, the committee can draw it to the board’s attention as and when, rather than holding all reporting to a quarterly timetable.

Risk management

In your opinion, how mature is your organisation’s risk management function?

Only 9 percent of internal auditors believe that their firm’s risk management framework is robust and appropriately resourced. Half of all internal auditors are of the view that their firm has a risk management function that is immature, in development or non-existent.

[Chart: frequency of audit committee reporting to the board. Categories: Monthly; Weekly; Quarterly; Annually; Ad hoc; Not sure.]

[Chart: maturity of the organisation’s risk management function. Categories: In the development stage; We do not have a formal programme or resources; Immature; Implemented, but requires additional work and resources; Robust and embedded framework and resources in place.]

The State of Internal Audit 2013

Thomson Reuters Accelus surveyed more than 1,100 internal audit practitioners from firms worldwide in February and March 2013 to canvass their views on the state of internal audit and their greatest challenges for the year ahead.

The responses received covered 76 countries worldwide and came from firms in a wide set of industries including financial services, manufacturing, government, education, life sciences, energy and other highly-regulated industries.

The world of internal audit is diverse and challenging. The global financial crisis has sparked a reassessment of the internal audit function’s role in financial services in particular, but as the crisis has deepened the effects and changes have been seen in all industries. The focus from policymakers and regulators alike has been on culture, corporate governance and risk management, together with a growing acknowledgement of the need for a strong, well-resourced independent audit function operating, and in particular reporting, in close coordination with other risk and compliance functions.

The survey highlighted:

• Process assurance and monitoring activities remain key areas of focus for internal audit functions.
• Focus on corporate governance is down on last year.
• Immature risk management processes in firms and insufficient input by internal audit functions.
• Weaknesses in risk reporting to the board.
• Insufficient communication with other risk and control functions.
• Challenge to audit committees to reassess the activities of internal audit.

IIA partner feature


Corporate governance

To date, what involvement have you had in assessing your firm’s corporate governance?

Internal auditors are not currently focusing significant resource on the assessment of corporate governance, but many think it is becoming more important. Twenty percent of respondents stated that it was one of their three most resource-intensive areas currently, but 29 percent of firms thought that it should be a top three priority in the future.

The policy makers are all in agreement that effective corporate governance is essential if risks in organisations are to be controlled. The FSB has said that it expects the internal audit function to be independent, but that it must also develop the skills needed to consider the quality and effectiveness of corporate governance in a firm and to assess the quality and soundness of the risk governance arrangements.

Given the centrality of good corporate governance to the satisfaction of myriad regulatory, legal and business requirements it is perhaps surprising that only 25 percent of internal auditors reported that a review of its effectiveness was part of a continuous monitoring programme. This was a 10 percent dip from last year’s figure of 35 percent.

Top 3 areas of focus for the coming year

The top three areas that internal auditors think they will spend more time on in the coming year than previously are monitoring (60 percent), tracking of remedial actions (49 percent) and reporting to senior management (46 percent). The figures are remarkably similar to last year, which again highlights the concern around the fact that the majority of audit committees still only report to the board on a quarterly basis.

Top 3 challenges for 2013

Internal auditors listed their top three challenges for 2013 as increased focus on risk and control (53 percent, still the most popular choice although it has declined markedly from 62 percent last year); insufficient skilled resources (43 percent, a marked increase from last year’s figure of 35 percent); and changing business model (static at 41 percent for 2012 and 2013).

The fact that so many more internal auditors were concerned about a lack of skilled resource this year highlights the changing role of the internal auditor, away from the traditional quantitative assessor with a spreadsheet and towards a more qualitative assessor of the desires and strategies of the firm’s management.

Summary

The world of the internal auditor is changing. In common with other risk and control functions in a firm, internal auditors will now be expected to cope with regulatory change, heightened expectations and more intense scrutiny of their work at a time of constrained budgets, more intense competition for skilled risk resources and changing reporting requirements, and all of this under the pall of continuing global economic pressures. All in all, internal auditors need to be able to do more with less.

To download the full Thomson Reuters Accelus State of Internal Audit Report 2013 visit: http://info.accelus.thomsonreuters.com/auditsurvey2013

[Chart: involvement in assessing the firm’s corporate governance. Categories: Have been consulted on design and effectiveness; Effectiveness is reviewed as part of monitoring programme; Have highlighted it as a key risk to be assessed; No involvement; Other.]

[Chart: top 3 areas of focus for the coming year. Monitoring 60%; Tracking of remedial actions 49%; Reporting to senior management 46%.]

[Chart: top 3 challenges for 2013. Increased focus on risk and control 53%; Insufficient skilled resources 43%; Changing business model 41%.]


Events

September

• 5: IIA Scotland – Influencing and negotiating (Edinburgh)
• 10: HIAS forum – Social, economic and political risk – how to focus on key issues (London)
• 10-12: Internal auditing – a beginner’s course (Surrey)
• 11-12: IIA Annual Conference 2013 (London)
• 13: Insurance Internal Audit Group (IIAG) – FCA expectations of product governance, co-sourcing and the new internal audit code (London)
• 17: The internal auditor’s guide to strategic thinking (London)
• 17-18: IIA Award in Effective delivery of audit and assurance (York)
• 19-20: IIA Award in Interpersonal skills for audit and assurance (York)
• 25: IIA Midlands – Procurement and supplier risk (RAF Cosford)
• 25-26: Techniques for effective testing (York)
• 26: Assurance mapping – a practitioner’s workshop (London)

October

• 2: Presentation skills for the less confident (London)
• 3: IIA Scotland – Audit reports with impact (Edinburgh)
• 3-4: Value for money (VFM)/performance auditing (London)
• 7-8: Heads of internal audit – induction master class (London)
• 8-10: Internal auditing – a beginner’s course (York)

Sign up now for the IIA’s comprehensive distance learning programme for the IIA Diploma to sit exams in June ‘14. Our programme gives you the structure you need to successfully complete your qualification including:

• Online support
• Committed and experienced tutors
• Consistently high pass rates
• Bespoke and up-to-date study materials
• Study support and revision workshops
• The peace of mind knowing you chose the Institute for your studies

Become qualified with IIA Learning

We also offer support for the IT Auditing Certificate – see our website for more information

Don’t delay – get qualified! Contact IIA Learning: tel 020 7819 1939, email [email protected], www.iia.org.uk


IIA training courses & events


15: HIAS forum: Reporting – audit committee reporting (London)
15: Getting to grips with risk (London)
15-16: Leading the audit team (London)
15-16: IIA Award in Information systems audit and assurance (London)
16: IIA South West: Fraud update (Gloucester)
16-17: Risk-based internal auditing – an audit management course (York)
16-18: Advanced information systems auditing (London)
17: IIA Wales – How clean is your whistle? (Newport)
17: Fraud risk and the IA (London)
17-18: IIA Award in Compliance audit and assurance (London)
22: Auditing the treasury function – a practitioner’s guide (London)
23: Data security risks for IA (London)
23-24: IIA Award in Effective delivery of audit and assurance (London)
25: IIA North West – Fraud and business ethics (Central Manchester)
29: Risk-based internal auditing – a practitioner’s guide (London)
30-1: IIA Scotland Annual Conference – When the going gets tough… (Scotland)

November

6: IIA Midlands – IT hot topics (Birmingham)
13: IIA South West: Auditing the finance function, tips and techniques (Bristol)
25: IIA North West: Continuing Professional Development – onwards and upwards (Manchester)

More than 5 delegates? Why not consider in-house training – delivering in a way that suits you!


Internal audit – When the going gets tough

The 2013 conference will consider how internal audit can navigate through continuing tough times, face the challenges these pose and position itself as essential to organisational success. Speakers will present on case studies and good practice, instigating debate and providing food for thought. Regardless of sector or role, there will be something for everyone. This year’s line-up of speakers includes:

• Paul Moore – “The HBOS Whistleblower”
• Jim Pettigrew – Audit Committee Chair – Aberdeen Asset Management
• Linda Sloan – Department for International Development
• Derek Anderson – NI Civil Service
• Andrew Magowan – Inspiring Scotland

IIA Scotland Conference 2013

31 October 2013 Hilton Edinburgh Grosvenor

Grosvenor Street, Haymarket, Edinburgh EH12 5EF

Dates/locations

Visit www.iia.org.uk/scotland for more details or contact [email protected]

Post your event

IIA regions and special-interest groups may include details of their upcoming events by contacting [email protected]. State the event title, date, venue and contact details. The deadline for the November/December issue of Audit & Risk is 16 September.


Student noticeboard

IIA Diploma – syllabus update for November 2013 onwards

A revised copy of the IIA Diploma syllabus has been posted to the IIA website and tuition providers have been notified accordingly.

The revised document has just one amendment, on page ten under 3.2 Organisational structure. The reference to “formal and informal organisations” has been amended to “formal and informal organisational structures”.

Past-paper packs and the chief examiners’ reports

The past-paper packs and the chief examiners’ reports from the June 2013 session will be available from Monday 9 September at www.iia.org.uk/students/exams/past-papers/

Authority to sit correspondence for November 2013 exams

Correspondence for those registered to sit exams in November is due out by Monday 28 October. A copy of this correspondence must be taken to the exam venue as you must present it on entry to the exam room. Photographic identification will also be required.

If you have not received your correspondence, contact Aneta Zieba, assessment coordinator, at [email protected] or on 020 7819 1928.

Case studies available

The case study materials for the IIA Diploma and the IIA Advanced Diploma will be published on www.iia.org.uk/students/exams by the end of Tuesday 29 October.

Special arrangements policy

The institute provides exam arrangements that take account of students’ special requirements, providing requests are submitted before an exam entry application.

Students who require such arrangements should ensure they review the latest version of the policy, which can be found at www.iia.org.uk under Policies in the Students section.

Submitting professional experience journals

Members who have completed the theory modules of the IIA Diploma or IIA Advanced Diploma are encouraged to submit their PEJs as soon as possible. Assessment of PEJs is completed within four weeks and successful submissions result in the award of the relevant designation.

Further information on submitting PEJs, including the latest versions, can be found at www.iia.org.uk/students.

Your CPD

The Members section of the IIA website has detailed information on members’ CPD requirements.

For voting members, one key element is to monitor their professional development plans over the year. The policies are available at www.iia.org.uk/members under “continuing professional development”.

For further advice, contact the institute at [email protected] or call 020 7819 1907.

Essential information for exam candidates. Visit the Student information centre at www.iia.org.uk for updates.

November 2013 exams

Exams will be held from Monday 25 November to Thursday 28 November.

Module | November 2013 | Time

IIA Diploma
P1 – The Internal Audit Environment | Monday 25 | 9.30am to 12.40pm
P2 – Financial Risks and Controls | Tuesday 26 | 2pm to 5.10pm
P3 – Internal Audit Practice | Tuesday 26 | 9.30am to 12.40pm
P4 – Information Systems Auditing | Wednesday 27 | 9.30am to 12.40pm
P5 – Corporate Governance and Risk Management | Thursday 28 | 9.30am to 12.40pm
P7 – Internal Audit Practice Case Study | Thursday 28 | 2pm to 5.10pm

IIA Advanced Diploma
M1 – Strategic Management | Monday 25 | 2pm to 5.10pm
M2 – Financial Management | Tuesday 26 | 2pm to 5.10pm
M3 – Risk Assurance and Audit Management | Wednesday 27 | 2pm to 5.10pm
M4 – Advanced Internal Auditing Case Study | Thursday 28 | 2pm to 5.10pm

IIA IT Auditing Certificate
A1 – IT Auditing Certificate Multiple-Choice Questions | Monday 25 | 9.30am to 11.30am


Your next big move in audit

hays.co.uk/auditandrisk

Internal Audit Manager
Warrington, Cheshire, £competitive + benefits
DCC plc is an international sales, marketing, distribution and business support services group. As one of the largest FTSE 250 companies it employs over 9,500 people, has revenue of £10.6b and operating profit of £187m. Reporting directly to the Head of Internal Audit you will be responsible for developing and delivering a best-in-class audit plan for the Group’s largest division, DCC Energy. You will be a qualified accountant with a minimum of 5 years pqe, with an excellent academic record and the drive to develop your career at a senior finance or commercial level in this growth focused Group. Ref: 1900429
Contact Mike McGibbon on 0151 239 1294, email [email protected], or visit hays.co.uk/jobs/dcc

Senior Internal Auditor
Warwickshire, £competitive + benefits
A career at AGCO is an opportunity to join one of the world’s largest manufacturers of agricultural equipment and offers variety to those seeking growth and development. You will support all compliance activities including Sarbanes Oxley 404, specified functional business units and FCPA requirements. You will process assessments in a timely manner and support the local finance teams with financial reporting and projects. Being an IIA, ACA, or ACCA auditor, you will have a proven record in audit and process review and be looking for an organisation where you can make a difference. Ref: 1956323
Contact Gino Lombardi on 0121 212 3301 or email [email protected]

These are just a selection of opportunities we have to offer, visit hays.co.uk/auditandrisk to search for your next big move.

Head of IT Audit
London, up to £125,000 + bonus + benefits
An opportunity has arisen in one of the UK’s most widely known brands who specialise in retail, private and corporate banking and insurance. Its IT Audit function is developing specialist teams to provide specific services to the Group operations and HR business units. The work will be related to its global payments business and will focus on application, integrated audits. You will have exceptional experience of owning large and complex audit portfolios and with excellent stakeholder management and team leadership skills. As the majority of audits will be integrated, you should have demonstrable experience of working with business and operational audit teams. Ref: 1939286
Contact Charlie George on 020 3465 0110 or email [email protected]

IT Audit Consultant & Senior IT Auditor
London, £45,000 - £75,000 + benefits
A global FTSE media business is recruiting for exceptional IT auditors due to several internal promotions. The IT environment here is market leading and as such they offer the opportunity to work at the cutting edge of your field as well as exceptional long-term career progression. These exciting roles focus on the IT environment of the business but crucially also on its suppliers. Opportunities with such broad exposure are rare. Team fit here is very important; you will be personable and enthusiastic yet able to remain professional. You will often be seen as the face of the company and will liaise with stakeholders at all levels. Ref: 1937944
Contact Christopher Smith on 020 3465 0012 or email [email protected]


Corporate governance recruitment

London & City

International Auditor
London, £50–55,000 + Bens
This successful FTSE listed retail group is looking to recruit a dynamic International Auditor to work within their highly regarded Group Audit team. Providing risk based independent assurance across the entire business, the internal audit team is viewed as the training ground for future business leaders. You will have at least four years’ experience within either financial or operational auditing and be able to travel up to 50%.

Head of Audit
London, Competitive Salary
Providing brokerage services across cash and derivative markets including fixed income, foreign exchange, equity and commodities, this dynamic and fast-paced firm is seeking a Head of Audit to build out their UK internal audit team. You will recruit and manage the team and will be responsible for the annual audit plan. Previous brokerage, asset management or investment banking experience will be required.

Audit Manager – Retail Banking
London, £50–55,000 + Bens
This successful banking group is looking to strengthen its Retail Banking Operations Audit team with a particular focus on skills in HR, Payments, Sourcing and Supplier Management audit. The role provides the opportunity to join a successful audit team with excellent career progression prospects at an exciting and challenging time. The ideal candidate will be CMIIA/ACA/ACCA qualified or equivalent and will have strong retail banking experience.

Compliance Auditor
London, £65–80,000 + Bens
This leading brokerage trades on the wholesale financial markets in a broad range of complex financial products. A new position has been created for a Subject Matter Expert for Compliance and Regulatory issues. Applicants can come from a retail banking or ‘other’ banking environment and will ideally have exposure to some or all of the following – KYC, TCF, ABC, Financial Crime and MiFid.

For further details of positions in London/City contact Alexia Demetriou 020 7936 [email protected]

Regions

Senior Internal Auditor
Reading, to £55,000 + Bens
This leading global technology group is seeking a senior internal auditor to work in new areas of the business. The role will focus on financial transactions, financial management, financial planning and strategy. You will require at least 4–5 years audit experience gained around complex financial areas, specifically within the financial services, FX or taxation sectors and be prepared to travel in excess of 50%.

Senior Internal Auditor
Northern England, to £40,000 + Bens
This well established financial services group is growing their group internal audit team. This is an exciting opportunity for a senior internal auditor and will require you to plan and deliver internal audit reviews which will identify risks and relevant controls across a range of business functions. You will ideally have experience within financial services and possess a relevant audit or accounting qualification.

Internal Auditor
West Midlands, £35–40,000 + Bens
Our client is a long established and highly successful financial services group. Forming part of a progressive audit team you will be required to provide assurance through risk based audit reviews in line with the Audit Committee agreed plan. Key responsibilities will include undertaking audit reviews as directed by the HoIA together with related activities including where appropriate attendance at project/steering groups.

Senior Auditor
Bristol, to £45,000 + Bens
An opportunity has arisen to join this dynamic and ambitious group. As senior auditor you will be expected to assist in the development and delivery of the annual audit plan, produce high quality audit reports and provide an accurate and independent view of the prevailing control environment. You should be professionally qualified and will lead on the finance aspects of the annual audit plan and liaise with the executive team.

For further details of positions in the Regions contact David Jarrold 020 7936 [email protected]

IT Audit

Senior IT Auditor
South Yorkshire, to £50,000 + Bens
Reporting to the IT Audit Manager at this leading multinational you will plan, supervise and deliver reviews of application controls, core infrastructure and the latest internet led technologies. You will have the ability to manage end to end audit processes and work effectively with both IT and non-IT stakeholders. The role will include international exposure and you should expect to travel up to 20% of your time.

Principal IT Auditor
East Midlands, to £50,000 + Bens
Our client is a consumer focused Plc with global operations and a strong online presence. This is a varied role and you must be able to demonstrate experience auditing one or more of the following areas: Windows, UNIX, Checkpoint, z/OS, cloud services, encryption technology, mobile telephony or software development. Preference will be given to applicants with Big 4 backgrounds and/or Prince 2 qualifications.

IT Auditor
South East, to £60,000 + Bens
This fast paced, successful Plc is intent on growing its IT audit capabilities. You will work closely with the Head of IT Audit and deliver a varied portfolio of IT audits across group operations including technical reviews of IT infrastructure. In addition you will work with business auditors on integrated reviews including the use of CAATTs. You will have a strong academic record, be professionally qualified and have internal IT audit experience.

IT Auditor
London, to £47,000 + Bens
One of the world’s largest integrated energy suppliers is looking to recruit an IT Auditor to join their EMEA team based in London. You will form part of a highly skilled team and will report to the IT Audit lead for the region. Travel is estimated as being between 40 and 60%. The group is dynamic and has a collaborative working culture and given the scale of their operations they require proactive self-starters.

For further details of positions in IT Audit contact Daniel Flynn 020 7936 [email protected]

Audit, Risk, Compliance, Security, Legal, Treasury

London, Edinburgh, New York, Dubai, Hong Kong, Singapore

Barclay Simpson, Bridewell Gate, 9 Bridewell Place, London EC4V 6AW

020 7936 2601

Barclay Simpson Scotland, 9–10 St Andrew Square, Edinburgh EH2 2AF

0131 209 7850

[email protected]


Visit www.barclaysimpson.com to access a vast range of free online resources…

• Search hundreds of audit vacancies
• Find your current market value
• Information on where best to live and work
• Focus on Computer Audit
• Latest information on qualifications

Barclay Simpson has been awarded the Diversity Assured Recruiter accreditation under the REC’s ‘Diversity Initiative’.

For more details visit: www.barclaysimpson.com/equalopps

Scotland

Senior Internal Audit Manager
Edinburgh, c.£75,000 + Bens
Our client is an expanding retail banking group. They are looking to recruit an experienced audit leader to plan and deliver a programme of audit work across the bank. The role will involve significant exposure at executive level. Applications are welcome from candidates from an IT audit or business audit background. However you will need to be professionally qualified and have significant financial services experience.

Internal Audit Manager
Glasgow, to £52,000 + Bens
This retail bank is seeking an experienced audit professional to manage the planning and delivery of audit work focussing on operational, credit, and regulatory risk. This will involve leading control reviews and agreeing improvements where necessary. You should be comfortable managing staff, stakeholder relations and large scale audit projects. This is an exciting opportunity with good progression potential.

Senior Internal Auditor
Glasgow or Fife, to £40,000 + Bens
Working across Scotland’s central belt this role will involve delivering a high quality internal audit service for this successful utility group. Your role will be to plan and undertake a range of internal audit and control reviews with the objective of ensuring the group’s internal controls are as effective as possible. You should be able to demonstrate excellent report writing skills and will most likely already be professionally qualified.

For further details of positions in Scotland contact Liam Hughes 0131 209 [email protected]

International

Global Head of IT Audit
New York, $Negotiable
One of the world’s largest banking groups is seeking a new Global Head of IT Audit to cover all retail and consumer banking technology. This is a Managing Director level role managing a team of over 50+ IT auditors globally and taking full responsibility for a risk based IT Audit plan. Experience of managing global, large scale IT audit teams will be necessary. Applicants must already be eligible to work in the US.

IT Audit: Managers & Seniors
Sydney (Relocation available), AUD$90–130,000
Our client is a major banking group. They are seeking IT and operational auditors with 4 to 8 years’ experience who are keen to relocate to Australia. You must have a solid understanding of wholesale banking or ITGC in M&A, Sales & Trading, Capital Markets, Asset Management or other relevant functions. Your experience can have been gained either within an in-house banking environment or via a Big 4. Career development prospects are excellent.

Senior Internal Auditor
Paris, to 62,000 + bens
Our client is a worldwide leader in the distribution sector. The audit team works on a wide variety of audits as well as on many ad hoc projects including fraud investigations and post integration reviews. The company has growing operations in South America and they are looking to recruit a Spanish or Portuguese speaker to join the team and work in that region. Opportunities to move into the business are open to all auditors.

For further details of International positions contact Marie Marchi 020 7936 [email protected]

Compensation and Market Trends Report July 2013

• The economic and corporate governance environment
• Up to date overview of the internal audit recruitment market
• Trends in salaries and other benefits paid to internal auditors
• Compensation survey
• Salary guide

Download your free copy at: www.barclaysimpson.com

Nationwide Interim Opportunities

Barclay Simpson Interim Solutions is the leading provider of interim recruitment services to the internal audit profession. For more information on these and many other opportunities, please contact Andrew Whyte [email protected]

www.barclaysimpson.com/interimsolutions

London | Internal Auditor | Retail Banking | £350 per day
Central London | Head of Audit | Banking | to £700 per day
North West | IT Auditor | Public Sector | £26 per hour
London | Audit Manager | Investment Banking | £500 per day
Surrey | Senior Auditor | Insurance | £400 per day
London | SOX Auditor | Investment Banking | £550 per day
London | Audit Manager | Asset Management | £450 per day
Yorkshire | Internal Auditor | Financial Services | £300 per day
London | Junior Auditor | Public Sector | £225 per day
London | IT Audit Manager | Banking | £500 per day


corporate governance recruitment

Barclay Simpson, Bridewell Gate, 9 Bridewell Place, London EC4V 6AW

[email protected]

020 7936 2601 www.barclaysimpson.com

An opportunity has arisen for a Principal Information Systems Auditor to join Experian’s global Internal Audit team.

This role is high profile with reports provided to Group Audit Committee and Regional Risk Management Committees. The successful candidate will gain exposure to all areas of the Experian business.

The role will involve undertaking risk-based independent audits throughout Experian’s operations in the UK & Ireland, EMEA, and Asia Pacific. Audits will cover a broad range of IT topics, including information security, the effectiveness and resilience of IT operations, product development and compliance processes, providing senior management with technical insight and assurance over the effectiveness and efficiency of systems, tools and processes.

Applications are sought from individuals with relevant academic/professional qualifications, including CISA, first class communication skills and prior experience of IT audit, or IT management experience in a blue chip environment. An in depth technical knowledge of one or more areas, such as networks, mainframe, application security, firewall management, software development, infrastructure management or information security is also required. Candidates must be prepared for approximately 30% travel although a second language is not a prerequisite.

Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index.

For further information, or to make an application, please contact Daniel Flynn [email protected] or on 020 7936 2601.

Principal IS Auditor
Nottingham, £competitive + excellent benefits + car allowance
