Risk Managers – Tone Down That Report!

This week three renowned figures – Angelina Jolie, Larry Page and Christine Quinn – disclosed their medical problems to the world. They discussed a battle with breast cancer, paralysis of the vocal cords, and struggles with bulimia and alcoholism. Jolie, a woman famous for her beauty, bared her mastectomy details. They talked about fear of death and handicap, and the frailty of human character. They risked high-profile careers by being candid. One word describes their actions – Courage.

However, the corporate world wants to hide behind lies and window-dress its weaknesses. Corporate leaders sometimes threaten risk managers and auditors to make them tone down their reports. The messengers of bad news get shot. Risk managers face bullying, retaliation and threats to their jobs for showing the courage to speak the truth. If they refuse to bow down to pressure, the business teams label them as politically dumb or difficult to deal with. The question is – should risk managers tone down their reports to please the business teams?

I want to discuss a couple of scenarios here and you decide the course of action.

Scenario 1: Don’t report correct facts to avoid giving bad news

Let us say, you are a CXO of an organization. You have a heart problem and visit a doctor who is a good friend of yours.

The doctor realizes your heart condition is bad. You require a heart surgery for four bypasses. The doctor doesn’t want to deliver the bad news to you, because he doesn’t wish to hurt your feelings.

The doctor tells you – “You just have too much stress. You need a vacation to relax and have some fun.” He prescribes you some vitamins and discharges you.

You follow your doctor’s advice and take a vacation. You swim and jog for a couple of days and have a heart attack. You arrive at the hospital with a survival chance of 5%.

Did the doctor do the right thing by not telling you the truth?

Scenario 2: Don’t report correctly to protect a friend

A civil engineer responsible for the quality and inspection checks of a bridge notices that sub-standard material has been used. There is a high risk of the bridge collapsing. However, he issues a clean report to his seniors because the engineer-in-charge of the bridge is a friend of his.

An organisation’s senior managers drive across the bridge daily to reach their office. One day all of them are on the bridge and it collapses. All die.

Would the families of the senior managers be happy with the quality control engineer for not disclosing the risks?

My guess is most of the corporate readers would have answered no. You would have preferred the truth when it is a question of your own life being at risk.

Corporate Scenario

So why don’t corporate citizens hesitate when they put other people’s lives at risk? See the Bangladesh factory fire, Japan’s nuclear disaster or the US banks’ home foreclosure and mortgage mess. The lives or life savings of employees, customers and the public were put at risk.

Wouldn’t a few honest risk management reports have helped in fixing the problem in time to prevent the disasters?

The corporate world maintains double standards on reporting risks. They want full disclosure of the risks to them but not to others. Before setting these expectations, corporate citizens should answer these questions:

1) Isn’t it a risk manager’s job to identify the health problems of the organization, prescribe a cure, suggest amputation where required and nurse the organization back to health?

2) Is it right to compromise professional ethics and code of conduct to keep a few people happy?

3) Aren’t risk managers responsible for calculating the direct and indirect cost to others for non-disclosure of risks?

4) Shouldn’t risk managers hold their ground and stick to their independent advice, as you will benefit from it in the long run?

Closing Thoughts

Moral courage is one of the most difficult qualities to acquire. Larry Page, as CEO of Google, fulfilled his responsibility to the investors by publicly disclosing his medical problems. Now the investors can make an informed decision. One has to admire Page for taking such a difficult call. It takes guts. Disclosing personal weakness makes one feel vulnerable, exposed and fallible. He has shown the path for corporate leaders to follow.

Accounting and Auditing in Ancient India

Professionals want to know the origin of their profession, the work done in olden times and the level of knowledge. I thought of sharing with you the history of the Indian accounting and auditing profession. I discovered in Kautilya’s Arthshastra that it existed in ancient India in the 4th century BC. Therefore, my guess is that it would have originated at least a few centuries earlier. The accounting principles and standards used in the present century are similar to those that existed in the 4th century BC. This nugget of information may have surprised you.

Broadly, Kautilya’s Arthshastra covers accounting principles and standards, role and responsibilities of accountants and auditors, the methodology of accounting, auditing and fraud risk management, and the role of ethics in managing financial activities. Let me share some of the concepts with you in the next couple of posts.

1. Maintenance of Accounts

The accounting financial year was fixed as the July-June period, with a full process for closure of accounts and audit of the same. It covered the method of consolidating the accounts from various departments of the government to assess the net income and loss. The accountants were required to furnish the completed annual accounts to the head office by mid-July. Delay and/or failure to do so attracted financial penalties.

2. Classification of Receipts

Kautilya states that “receipts may be (1) current, (2) last balance, and (3) accidental (anyajátah= received from external source).” In it, he differentiates between cash receipts and debtors, current and accrued income, income from other sources, windfall gains, and recovery of bad debts. He recognized the concept of risk and suggested different rates of interest for loans. Foreign trade loans attracted the highest interest, as the returns were uncertain.

3. Classification of Expenditure

Expenditure classification was similar to receipts classification and included the differentiation between capital expenditure and revenue expenses. Kautilya described it as – “Expenditure is of two kinds—daily expenditure and profitable expenditure.” The difference between income and expenditure was termed as “net balance”. He insisted on making long-term investments in construction and other works as these would generate profits over a period. It also entailed keeping track of work in progress.

4. Role and responsibility of accountants

A hierarchical organization structure of senior to junior accountants existed within the king’s treasury function. The accountants maintained books of accounts on an annual basis according to prescribed standards. The same were furnished for audit at year-end. Kautilya suggested good salaries to accountants and auditors as high income would keep them ethical. Accountants would be more prone to commit fraud if they earned very little.

5. Segregation of Roles of Treasury and Auditor

The fascinating part of Kautilya’s approach was that he recognized the conflict of interest between the finance and auditing functions. He categorically stated that the head of finance and the head of audit should independently and separately report to the king. He recognized the possibility of collusion between the two. In India, in the government, the Comptroller General of Audit and the Ministry of Finance are two separate functions. However, in the corporate world, in quite a few companies the chief audit executive still reports to the chief financial officer rather than the chief executive officer.

6. Building an Ethical Culture

Kautilya believed that character reflected the personal values of an individual and that the learning of ethical values must commence from childhood. Even for an adult, ethical conduct was as important as professional skills. He proposed measures to build an ethical climate in the kingdom. However, he was practical and recognized the potential for corruption. In accounting, he talked about misstating financial statements due to abuse of power and fraudulent reporting. He devised a system of reward and punishment to ensure compliance with rules and regulations.

7. Verification and Auditing of Accounts

The concept of continuous monitoring, periodical auditing, verification and vouching existed in ancient times. Checks were done daily and periodically (five nights, pakshás, months, four-months, and the year). The attributes used in the present day for verifying income and payment vouchers were also used in earlier times. Interestingly, each department had spies to provide information and report wrongdoing to the seniors. There was a full process for discovering fraudulent transactions and punishing accountants for misstating financial statements. I shall cover that in the next post.

Closing Thoughts

Kautilya prescribed an accounting theory that included bookkeeping, preparation of financial statements, auditing and fraud risk management. He considered accounting an integral part of economics. Various kingdoms in India used his work until the 15th century AD, i.e. before the colonial rule. I am not aware whether a similar level of knowledge existed in other parts of the world before the Christian era. If you do have information, please share it with me. It will be an enthralling journey into the past.

References:

Kautilya’s Arthshastra 

Auditors Criticise Without Value Addition

This is my 251st post and it feels good to have written so many. So I thought of dealing with a difficult and sensitive topic for auditors. The corporate world views auditors with jaundiced eyes and auditorville has a bad reputation. Scott Adams in his book “Thriving on Stupidity in the 21st Century” humorously described auditors in the following paragraph:

“Auditors get more respect and more bribes than accountants. That is because auditors are relatively more dangerous. Auditors are generally plucked from the ranks of accountants who had very bad childhood experiences. The accountants who don’t go on to become serial killers have a good chance of becoming successful auditors.”

The reputation comes from doing post mortems, writing long reports on deficiencies and criticizing the work of business teams. No one likes a critic and especially not those who do not do any value addition. So where are we going wrong?

1. Criticizing Makes an Auditor Successful

The common perception is that the more faults an auditor finds in an audit, the better the quality of the audit. This is driven by the fact that some audit departments have a key performance indicator on the number of observations. If there are no observations or weaknesses, the audit quality is assumed not to have been good. Let me mention an old story here.

A couple was riding a donkey to reach their village.

Two passers-by saw them and said – “Poor donkey, has to take the load of two humans.”

The husband heard the comment and got off the donkey. Further on, two passers-by saw them and said – “See, the wife is sitting comfortably on the donkey and the poor husband is walking on the road.” The wife got off the donkey and made her husband sit on it.

After a few kilometers two spectators said – “See what the world is coming to, no chivalry. Man is riding the donkey and the poor woman is walking.” Now both husband and wife started walking along with the donkey.

Then another set of bystanders said – “See the idiots, both are walking and no one is riding the donkey.”

The purpose of audit is to provide assurance on the process, not to find faults with it. For instance, last year you conducted an audit of the purchasing process and made ten observations. Will the audit of the same process be successful if you made 11 observations or nil observations? If the auditee implemented the previous year’s recommendations, then they should not re-appear. If, without a change in process, you found new weaknesses, then it means the previous year’s audit was not done properly. Hence, criticism doesn’t make an audit a success or a failure. The quality of observations holds meaning.

2. My Way or Highway

The other presumption is that audit can be done without much business knowledge. Just a high-level understanding is required. This is really an incorrect view. I recall that in my training period I was assigned an internal audit client that flew helicopters. When I was doing bank vouching, I had said to my colleague doing cash vouching – “Wish we were auditing a car maker, at least I know the cost of a car tyre.” I was checking the appropriateness of expenses including repair and maintenance of helicopters when I hadn’t seen a helicopter from a distance of five feet, let alone sat in one. Your guess is as good as mine on the quality of observations and value addition provided.

The big problem comes when, after doing an audit without business knowledge, we refuse to listen to the business teams telling us that the observations are irrelevant or incorrect. We don’t appreciate the different perspective of business teams and high-handedly push down our recommendations. Times of India mentioned a nice joke on this last Sunday.

Why did the chicken cross the road?

Plato: For the greater good.

Aristotle: To actualize its potential.

Darwin: It was the next logical step after coming down from the tree.

Nietzsche: Because if you gaze too long across the road, the road gazes back at you.

Buddha: If you ask this question, you deny your own chicken-nature.

Closing Thoughts

In the 21st century, auditors can’t hold a stick to beat the business teams all the time. The role has changed. With it, the skill set and approach need to change. If auditors are not able to give a better solution or process change, they should consider whether their criticism makes sense or not. Maybe the business needs to live with the control weaknesses and take the risks because the costs of plugging them are very high. The observation and recommendation should provide value addition, either in the form of assurance or improvement. Else, a lot of expense is incurred to cater to auditors’ egoistical viewpoints rather than to business viability.

All criticism and feedback on the blog is welcome. Please share your views. A big thank you to my readers for reading my 250 posts.

Should Risk Managers Re-use Last Year’s Strategy?

Let me ask you a question. For 2013 planning, are you thinking of updating the 2012 annual audit plan or risk management plan? Alternatively, do you think major changes are required, and you need to start from scratch? While preparing the 2013 strategy or plan, you cannot afford to just tweak your previous plan and get by. You need to do the whole works and start with a plain sheet of paper.

Exactly why am I making such a bold statement? Let me explain. You must have read various surveys in which business teams state that risk managers and auditors are not addressing the business concerns. The thing is risk management practice is changing at a much slower rate than the external and internal business environment.

Below is a simple graph. The lines in the real world would not be straight; I have just used them for the sake of convenience to illustrate my point.

1. External environment

The external environment is going through a rapid change. This includes the social, cultural, political, legal, economic, technological, financial and competitive environment. The speed of change is so high that most organizations are failing to keep up. Hence, there are numerous upside and downside risks in the external environment that organizations are clueless about.

2. Internal environment

Organizations attempt to make sense of and adapt to the changes, however at a slower rate than the external environment. During a year, many organizational changes take place. Changes occur in business strategy, objectives, policies, procedures, organization structure, roles and responsibilities, governance models, products, knowledge, processes, systems and technology. Due to these changes, the risks within the organization change. Numerous risks remain un-addressed when we do not consider the changes while preparing a risk management strategy.

3. Risk management function

The risk management discipline as such is changing at a slow pace. If you recall, COSO issued “Internal Controls – Integrated Framework” in December 2011 for public comments. The internal control definition had not changed and only some areas were improved, though this was the first revision issued after 1992. COSO received so many comments that now it plans to issue the final version in 2013.

Within the organizations, the situation is the same. Risk management and audit functions are the last to change. While CEOs are demanding that they advise on strategic risks, very few are rising to the occasion. Even with five years of financial crises and a slowdown of the economy, the surveys show limited improvement in the performance of risk management and audit functions. They haven’t leveraged the opportunity, leaped forward or made great strides. They are cribbing about the same old issues of lack of top management support instead of focusing on the changing business landscape.

Hence, the gap in the knowledge of risk managers and auditors about business risks is huge. If they are not tuned into the internal business environment, they leave some risks unaddressed. If they haven’t focused on the external environment, there are a number of unknown risks that can affect the organization at any time. Therefore, the annual risk management strategy and/or plan is ineffective if these aspects haven’t been considered.

Closing thoughts

The business environment risks can be best described in the words of Donald Rumsfeld, the former US Defence Secretary. He had stated at a press briefing relating to the increasingly unstable situation in post-invasion Afghanistan: “There are known knowns. There are things we know that we know. There are known unknowns. That is to say, there are things that we now know we don’t know. But there are also unknown unknowns. There are things we do not know we don’t know.” Risk managers and auditors are in the same situation. Hence, strategy and plans have to be devised keeping this in mind. Start from scratch for the 2013 strategy.

Watch this video and share with me, will your old strategy work?

Winner of the Competition of Bullshit Quotient Book

Thank you all for participating in the poll and the competition held in the post “A Book Review – Bullshit Quotient”. Over 100 people voted, mostly in favor of the views expressed by the author Ranjeev Dubey. Ranjeev has personally gone through the comments and chosen a winner. He has also expressed his thoughts on the various comments. Read below, as I am sharing an unedited version of his opinion.

My thought as I read through the thoughtful comments posted by your followers was mainly at the high level of comprehension here. Why we nevertheless allow this endless repetition of culpable double speak is a moot question. Why this clear understanding of the reality on the ground does not translate into a program of change is another moot question. I can draw your attention to the following nuggets that I particularly liked:

“The business of the company is to deliver value to the stakeholders/shareholders. Everything else is incidental. All the stuff about delivering value to customers is BULLSHIT.” – M Seshagiri Rao

“Small practices often have no audit trail. Accountability is ensuring that you understand and carry out the actions of the law, with ethical and moral actions. So, the laws are there, [but] the government is in the hands of those who thrive on power, regardless of having the right to vote, that doesn’t even matter…” – Joanne McNamara

“As a cynical private investigator I have found that the bigger the lie, regardless of the circumstances, simply means that there are more persons involved.” – Jeff Moy

“To add to the misery, a nation in need of an inspiring dream, is fed the empty corporate drivel”. – Amey Kawale

But at the end, the prize goes to the one who goes beyond the points made, to the next level so to speak. And for me, the winner is:

“Commercial organizations sometimes fail to realize (or take the ostrich approach to the fact) that they don’t exist in a vacuum, but within an ecosystem where the (mostly competing) interests of companies, customers, employees, regulators, environment and the larger society are required to be optimized. This was the stated (though in a different way) objective of the concept of Trusteeship, which sadly has gone out of the window gradually after Indian independence.” – Deb.

Thank you all, and especially, thank you Debashis

Ranjeev Dubey

The winner of the competition is Debashis Gupta. Congratulations!

Debashis please email your address to me and we will send you the prize.

Ernst & Young Insight For Internal Audit Transformation

The last post – ‘Coal Gate Scam – Should Auditors Comment on Policy Decisions’ – ignited a thought-provoking discussion on LinkedIn. The major debate was on the role of internal auditors in evaluating strategic decisions and strategy per se. The message is – transform the internal audit department and leave behind the old thinking of verifying compliance with existing processes. Hence, I thought of sharing some great insights from the Ernst & Young report – The Future of Internal Audit is Now.

Before we discuss the details, check out the depiction of the transformation process below.

The key aspects of the transformation process are:

1. Align with organization strategy

According to the study, 61% of the internal audit departments did not have a documented mandate aligned to business. One can question then, exactly what are they working on. The way forward is to understand the business strategy – sales, operations, human resources, products, etc. and identify the strategic and business risks of the same.

2. Formulate the internal audit strategy

Based on the understanding of business strategy and strategic risks, devise an internal audit strategy. Developing an internal audit annual plan isn’t sufficient. Take the time period of the business strategy, and formulate the internal audit strategy for the same period or a three to five year period.

3. Acquire the right talent

Execution of a strategy is only as good as the people deployed to the task. Upgrading skills is a must. Besides technical and functional knowledge, auditors now need business acumen. Rotate resources from operations to get in-depth business knowledge. To highlight the importance of business skills, according to the report just 47% of the IA departments have a training plan for leadership and business management.

4. Operate as a business function

Internal audit should stop viewing itself as a support function and take a leaf out of the line functions’ book. It should measure itself against the same standards as business functions. Have the right strategy, execute it effectively, provide value add and measure against key performance indicators. Being mostly a cost centre doesn’t mean it should let itself go.

Closing thoughts

Survival of business in this global economic crisis is hugely dependent on effective risk management. Internal audit plays a vital role in improving the financial performance of the organization. Hence, transforming the department’s functioning from the old mind-set to fit 21st century requirements is a must.

Before closing, here is something to start your week on a good note. An old man for the first time saw moving walls. While he was standing in front of them, he saw an old woman enter the walls, and in a second a young woman came out. He said to his grandson – Son, hurry home and get your grandmother.

References:

The Future of Internal Audit is Now – Ernst & Young report

Coal Gate Scam – Should Auditors Comment on Policy Decisions?

The Coal Gate Scam report has squarely put the loss of Rs. 1.86 lakh crores (USD 35.097 billion) at the Prime Minister’s door. The Comptroller and Auditor General (CAG) report states that Prime Minister Manmohan Singh agreed to introduce competitive bidding for allocation of coal blocks way back in October 2004. However, his office indulged in delaying tactics in approving the revised policy. This resulted in allocation of coal blocks according to the old policy introduced in 1993. Failure to use competitive bidding resulted in a loss of Rs. 1.86 lakh crores (USD 35.097 billion).

This raises interesting questions from the corporate sector perspective. Should auditors examine the validity and applicability of policies? Alternatively, should they restrict their role to checking compliance with existing policies? What happens when a policy or standard operating procedure of an organization is redundant but is still being followed? If competitors are using better processes, technology and policies than the organization, what role should auditors play in it?

1. Delaying Policies Becomes a Political Game

According to the CAG report, the Screening Committee allocated blocks and the process lacked transparency. Allegations are that private companies with political links benefited at the expense of others. However, competitive bidding policy could have been introduced with an amendment from the administrative desk. Prime Minister’s role becomes critical as he was also fulfilling the responsibilities of Minister of Coal. CAG says he made it into a bigger issue that the policy should be changed for all minerals and not just coal; hence the process for making such large-scale policy change was different. This allowed the coal ministry to follow the 1993 process.

This happens in the corporate sector too. For instance, an employee or a small group suggests a change to an existing control process that will take just one man-month of effort. Some others with vested interests do not wish for the change to occur. However, they can’t reject the suggestion for strengthening controls without looking bad. Hence, to stall the project, they add a few more suggestions which enlarge the project to 24 man-months of effort. Now the change can only happen once the huge budget is approved. Since the project is not a priority, it stays at the bottom of the budget approval list. Hence, the status quo remains and subsequently someone exploits the control weakness to conduct a fraud.

In such a situation, as an internal auditor would you highlight the initial attempt to strengthen controls and put responsibility on the other group for delaying the change? Do we as internal auditors go back in such depth to find out which projects or policies were kept pending approval and had such a huge negative impact?

2. Auditor’s Role in Policy Review

The Supreme Court has upheld CAG’s power to comment on policies. The bench of Justices R M Lodha and A R Dave said “Do not confuse the constitutional office of CAG with that of an auditor of a company or corporation.” This response was in respect of a petitioner’s contention that CAG should restrict itself to auditing expenditure and not comment on the rationale of the government’s policy decisions. The bench had further added – “CAG is not the traditional Munimji to prepare only balance sheets. It is constitutionally mandated to examine the efficiency, effectiveness and economy of the decisions of the government in using resources. If the CAG will not do this, then who will?”

This viewpoint raises some interesting points for internal auditors in the corporate world. Should auditors be commenting on strategic or policy decisions of the company?

For instance, the company decides to use print media for advertising open job positions. However, it is much cheaper to use job portals and social media. These significantly reduce the cost of recruitment. Should an auditor restrict himself to checking that all expenditure is authentic or question the hiring policy?

Another aspect is the strategy decisions. Let us say Company A decided not to enter the emerging markets, whereas Company B, operating in the same industry, entered the emerging markets and increased its profitability tremendously. Should an auditor audit strategic decisions, and not just say that it is management’s responsibility? Where is the line of demarcation drawn in respect of corporate internal audit?

The Institute of Internal Auditors’ new standard applicable from 2013, ‘Achievement of the organization’s strategic objectives’, states that – “The internal audit activity must evaluate risk exposures relating to the organization’s governance, operations, and information systems regarding the achievement of the organization’s strategic objectives”. Hence, should we conclude that evaluating strategic decisions comes under internal audit purview?

3. Auditor’s Role in Calculating Presumptive Loss

The CAG audit reports on 2G licenses and Coal Block allocations have raised a storm due to the calculation of presumptive loss figures. The government’s contention is that CAG should not be calculating the opportunity loss, as policy decisions are taken to benefit the public.

CAG however, contended that – “We had never commented on government policies, neither did we ever say that auction was the only route or that all natural resources should be auctioned. In both 2G spectrum licences and coal block allocations, we had only commented on the ‘effectiveness or non-implementation’ of policies. The presumptive loss or windfall gain figures are only to highlight the serious issues of an act of commission during implementation of government policies.”

In the corporate world, internal auditors make an observation and restrict their recommendations to suggesting improvements. Only in rare cases is a cost-benefit analysis done on the impact of the control weakness. We generally fail to draw management attention to the seriousness of the issue, as there are no numbers given. Should corporate internal auditors change their approach to audit work to give a cost-benefit analysis for their observations? Will that garner more attention from the management and initiate action?

Closing Thoughts

These are questions worth debating and there are no easy answers. Internal auditors in the business world can learn quite a few lessons from the government auditors. They are doing a good job of raising contentious issues. Below is a poll to assess your views.

References:

  1. CAG not a ‘munimji’ of govt’s balance sheet: SC
  2. CoalGate: CAG does not let Manmohan, PMO off the hook
  3. Performance Audit of Allocation of Coal Blocks and Augmentation of Coal Production (Ministry of Coal)

Re-branding Risk Management and Audit Functions

There is an old joke on power of branding. When a man goes to a woman and says – “I am great in bed, how about it?”, it is sales. When an attractive woman goes over to a guy at a party and says – “Hi, I hear you’re great in bed, how about it?”, it is branding.  Seriously speaking, how many times have the business teams come over to the risk management or audit department and said – “You are great at this, we need your help and advice”. If the business teams aren’t approaching, then we have poor brand image. Our customers are in two minds whether they should involve us or not. Quite often the business teams think they are better off without us. So shouldn’t we be delving deeper to find out that why in the competition between various departments in an organization, we generally are at the bottom on the popularity chart?

1.     Auditors are Watchdogs

Seriously, why do we use this term? It negates the very premise of being of service to others. Think of it for a second. We say, men are dogs, women are bitches, and auditors are watchdogs. Does it connect to negative or positive emotions?

With it we wish to sell the image of trusted partners, advisers and mentors. When we use the word watchdog, do we think – as trustworthy as a dog?

Have you ever felt the urge to pet a strange German Shepherd or a Doberman? We see a couple of them coming towards us, and the bravest of us feel a tinge of fear and anxiety. Why do we expect any person interacting with an auditor to feel any different then? Doesn’t the term watchdog make auditing sound like a blood sport? Why get stuck with an age-old expression?

2. The Coolness Quotient

We associate with brands because of their coolness quotient. It feels good to be part of the tribe, whether it is the Facebook site, Intel machines, the Apple iPhone or a Harvard degree. We desire it because it makes us feel or look good. When does audit or risk management make the customer feel or look good?

I came across David Brier (@davidbrier), a branding expert on Twitter. In his short book titled “The Lucky Brand Book”, I was stunned by the last point. It said – give a reason to celebrate the brand.

I questioned him – how does one celebrate risk management? He gave me two answers –

a) “Choreographed spontaneity” – all the fun and with a safety net

b) All the gain without the pain

Both these answers send out positive messages. They definitely shatter the mind-set that risk management applies only to negative aspects of business. Why not give it a try?

3. The Independence Clause

We profess to maintain independence, and to do so we state that quite a few things are management's responsibility. At one point we express a desire to sit at the board table; at another we disassociate ourselves from management. I understand the technicalities of the requirement to maintain independence. The question is – are we using it to escape responsibility?

As part of an internal audit role we undertake to issue an audit report. In risk management we either assist or conduct a risk assessment. As risk managers we provide the second line of defense and as auditors the third line of defense.

Though we desire a more active role, we don’t wish to match the responsibility with it. For instance, we submit a report with recommendations, and leave the business teams to implement the solutions, as it is not part of our job. Doesn’t that appear like sailing a person to the middle of the deep sea and leaving them there on their own, as giving a return ride back to the shore isn’t part of the deal? Is it going to generate trust and respect to build healthy relationships? Next time round, are the business teams going to welcome us back?

Closing Thoughts

I definitely don’t have the answers to this one. It is clear, though, that we need to re-brand. Maintaining the status quo isn’t helping us. At the logical level we are doing our job. At the sub-conscious level the business teams receive numerous negative messages, which dissuade them from emotionally connecting with the functions and their members. Risk managers and auditors need to figure out how to brand themselves externally and internally.

While you do so, listen to one of the everlasting brands – Elvis singing Suspicious Minds

References:

The Lucky Brand Book by David Brier

Misunderstanding of Risks Between Business Teams and Auditors

The PWC Internal Audit survey highlighted one critical shortcoming of Chief Audit Executives and Internal Audit Departments. The risks that business teams consider critical are being ignored. I have been covering some of these risks on the blog, namely – people risks, competitive advantage, innovation and creativity, marketing, country risks, etc. According to the survey, more than 20% of the stakeholders reported that internal audit paid too little attention to these risks. Hence, the question is why internal auditors and risk managers are not looking at them. Take a look at this chart first.

[Chart: PWC Internal Audit Survey 2012]

From the survey results, two assumptions can be made. First, the internal audit function is still focused on auditing the processes that link to the financial numbers. Second, internal auditors do not understand the business aspects of the organization. As given below, three things need to be done.

1. Understand business requirements

The situation reminds me of an Archie-Veronica joke. Veronica is trying out a new pair of jeans in a store. She looks in the mirror and says – “The jeans are tight, I wonder what could be the problem.” Archie promptly replies – “You might have gained a few pounds”. Veronica gives one whack on Archie’s head and again makes the same statement. This time Archie replies – “The store may have marked a wrong size on the jeans”. If the internal audit reports are hard-hitting, business teams may give the internal auditors a rosy picture. They may not be sharing their true concerns with respect to various business risks. Hence, internal auditors would focus their energies on some insubstantial risks. Improve the communication with business teams to understand the risk environment. Create an environment where truthful interactions occur.

2. Add in next year's business plan

The last quarter of the year has started today, and most organizations will prepare their 2013 plans in this quarter. This is a good time to understand the business risks and prepare the 2013 annual audit plan and budgets accordingly. Coordinate with the business teams to understand their annual plans. Identify the risks relating to the plans. Discuss with the teams how the internal audit function can help them. Attempt using collective intelligence and crowdsourcing techniques to develop your plan. Where required, take a call to provide advisory services rather than assurance services. Business managers expect much more from the internal audit function. Hence, gear yourself to meet if not exceed those expectations.

3. Develop talent and skills

In the 20th century internal auditors audited the same financial numbers as external auditors. In the 21st century, the function requires revamping. In my previous article – “New Risks and Uncertainties in 21st Century” – I had conducted a poll. I had asked respondents whether they thought present day risk managers were equipped to deal with 21st century risks. Out of 17 total votes, 15 had responded that less than 50% of the risk managers can manage the new business risks. The verdict was by the risk managers about risk managers. Don’t be a dinosaur; learn new skills to survive in the market. In another 5 years, when Gen Y become middle managers, Gen X may become redundant.

Closing Thoughts

With the turmoil in various economies, the 2013 risk landscape will be drastically different. Organizations that are well geared in risk management have a higher probability of sailing through. Internal auditors and risk managers need to incorporate the impact of globalization, technology and social media in their annual plans. There is no purpose in serving stale bread and expecting business teams to swallow it. Rejuvenate in the new business age.

Wishing all my readers a Happy Gandhi Jayanti. Let us pray that each person believes a little more in non-violence and works towards a peaceful world.

References: 

PWC Internal Audit Survey 2012

A Book Review: Bullshit Quotient

Enter the competition below to win the book.

Ranjeev Dubey’s recently published book “Bullshit Quotient” (I am literary correct, and haven’t resorted to swearing on my blog) pulls the wool from the eyes. The lines in the introduction pages are – “Absurdly, in our cultural fabric, spotting the little lie is a skill called wisdom; spotting the big one is a sin called cynicism”. Hopeful idealists, who believe the world will become a better place to live, will be disillusioned and disheartened reading this book. The jaded cynics will find it provocative, amusing and ruthless. If you are willing to get your rose-tinted glasses peeled off, then read this book.

Ranjeev, an attorney by profession, wrote this diatribe on the Indian corporate, legal and social world to call a spade a spade. It is rare in India that an author chooses brutal honesty over the delicate footwork of political correctness and diplomacy. Below are my three main takeaways from the book.

1. The Cost of Economic Growth

Fittingly, Ranjeev has narrated the excessive cost of industrialization paid by economically backward and tribal communities (Adivasis) of India. The government, on the pretext of acquiring land for development, irrigation etc., has made millions homeless. Without farming land and an education, these poor people have become slum dwellers in cities, and do menial tasks to make a meagre living. Those outraged by the injustice meted out to them have joined Naxalite groups and terrorist organizations. Their anger has led them to a path of self-destruction, as after a couple of years they are either shot down in a police encounter or spend their life in prison. The urban class is completely apathetic to their plight, as they are focused on catering to their latest self-indulgence.

Nearly one-third of Indians live below the poverty line, and India cannot become a powerful nation unless these poor people start earning a reasonable standard of living. Two big steps are required to change the situation. The anarchic land acquisition act needs to be modified to give a fair price to land owners. Political will has to be strong to re-locate the displaced people.

2. Dependence of Independent Directors

Ranjeev has raised the same question as I did before – are the independent directors really independent? Ranjeev’s strong opinion is – “In truth, independent directors are wall flowers, perching uneasily on the tenuous board seat, good to topple any time the promoter chooses. They can’t protect themselves, leave alone the small shareholder”.

Aptly described; the independent directors' appointment and continuance are dependent on the goodwill of the promoters. They are not in a position to take a strong stance, as they will be labelled troublesome and jeopardize other appointments. Even well-reputed industrialists sitting on other company boards refrain from rocking the boat. In the elite club, no one wishes to spoil the business equations. Hence, it is just a mirage that independent directors are the bastions of corporate governance and will defend small investor interests.

3. Auditor Role in Fraud

Objection, my lord; here, I beg to differ. Ranjeev has rightly pointed out that the auditor's primary responsibility is not to detect frauds. Auditors cannot be held responsible if a fraud remains undetected. But there are two statements where my readers will have to defend the auditor’s reputation. Below are the extracts:

“It is not the auditor’s job to get into the details of books, records and documents. It follows that the auditor’s only job is to take a leisurely glance at the papers the company puts before the auditor while daintily picking the sumptuous kebabs over the working lunch at the company’s office.” The lunch dig is true; it happens in India. But auditors have to bury their noses in the books of accounts of the company.

The second one is more disparaging –

“He does not understand the company or its business, does not understand the environment in which the company operates and does not understand what is going on in it. His job is to look at the books and create more papers. Auditing is about reconciling paper trails, not truths.” Whoa, if an auditor hasn’t got his fundamentals right, then most probably he is delivering this poor-quality work. Auditors need to figure out how to break these negative stereotypes and get appreciated for the value they offer.

Closing Thoughts

As we are given a choice between being an optimistic idealist and pessimistic cynic, I choose the former. Idealists are happy, cynics’ worldview is miserable. Nonetheless, we can’t ignore the atrocities, injustices and differences in our world. An idealist is better equipped to bring about a change, when the plans are grounded in reality. If reality stinks, we have to acknowledge and accept it before we devise a strategy for change.

This book describes the smelly portions of our society, which we want to close our eyes, ears and nose to. Besides that, the book has amusing wordplay. Here is a line I liked – “Of all the bibulous ballyhoo that emerges from the loquacious lips of corporate kookaburras, the weirdest is the idea that the business of a company is delivery of value to its customers.”

Win the Book – Enter the Competition

Share your opinion here. If you agree or disagree with Ranjeev, come forward. You can win. Ranjeev will select the best comment and the book will be yours. Ranjeev has also offered to give a response to your comments. His response and the best comment will be posted on 17 October. Mind you, you will get a good defense; he is an attorney by profession.

You can visit Ranjeev’s website at www.ranjeevdubey.com