Chief Financial Officers’ Focus Areas After Recession

Chief Financial Officers (CFO) have become jugglers and they have to be good at it. Any ball they drop can be the death knell of an organization. The growing importance of a CFOs role within the organization cannot be underestimated. Risk managers should view it as a game changer. They are normally susceptible to viewing CFOs and finance departments as just being the owners of financial records. However, the CFOs focus is shifting from financial numbers to becoming strategic business partners. In light of this trend, risk managers while conducting a finance department risk review or audit need to look at things from a different perspective.

Hence, the question is in a recovering global economy what are CFOs focusing on? I had a sneak peek at the soon to be released SAP report – “The Superstar CFO: After the Crises.” The report is in continuation of “The Superstar CFO” published in 2007. The report categorically says that CFOs wear multiple hats and their key performance areas have changed significantly. I am giving my opinion below on some of the trends mentioned in the report.

1.    Focus on Business Strategy

 As I had mentioned before board generally selects strategies of politically strong  CXOs . Although the assumption is that  organizations follow a proper process for strategy selection, it is full of loopholes. CFOs have access to hard data and they are in the ideal place to facilitate the board in choosing the right strategy. The decision-making would improve, as data is apolitical. Secondly, cognitive and political biases will be highlighted. 

The good news is that CFOs are now focusing on being business partners to CEOs by facilitating them in forming strategy.  To emphasize the point  Mr. Fernández at Scottish Power  stated – “To me, the role of CFO is first of all to help define the right strategy together with the CEO, and seeing that investments and operations follow that strategy. In summary, to keep the company where it should be.”

This is an excellent opportunity for Chief Risk Officers (CRO) to align themselves with CFOs initiatives in strategy development. Presently, in just two-fifth  of the organizations, risk managers are involved in strategy formation. They need to collaborate with CFOs to do effective strategic risk management.

2.    Financing Growth

 As the economy is recovering the CFOs focus is shifting on supporting business growth. During recession CFOs focused on maintaining cash reserves to protect the organization from volatile market conditions. Moreover, it was difficult to obtain short-term funds when financial sector was in doldrums. The whole effort was on maintaining status quo.

With the changing business environment, organizations are strategizing for organic growth or new acquisitions. Hence, CFOs would be looking at providing finances for organizational growth. A Singapore based CFO appropriately summarized the CFOs thinking – “Sitting on cash is not the smartest thing to do, with interest rates so low today.… We’d rather have our cash going to new acquisitions or new assets.”

 This indicates that risk managers require paying attention to the financial risks the organization is undertaking. Since the economies have still not stabilized they should monitor the early warning signs for excessive financial risk exposure.

3.    Setting Shared Service Centers

CFOs continue to focus on establishing and growing shared service centers for accounting and other back office processes. The objective is dual – reduce costs and improve availability of financial information. Ms. Urban of Bardy Corporation said about the organization’s shared service center – “It has really allowed my team to have more scale, not have to worry so much about transactions, and be able to give better support to their business leaders. We’ve been able to spend more time on the things that actually drive business decisions rather than managing accounts receivable and accounts payable.”

 Risk managers need to do an in-depth analysis of back office risks, especially if the activities are off shored and/or outsourced. Key failures while establishing shared service centers are that cost savings are not analyzed properly, processes are not re-engineered, and regulatory and country risks are not assessed before off shoring.  

 Closing thoughts

 In nutshell, CFOs role is dramatically changing. Besides financial experts they act as business partners, strategists and risk managers. While CFOs have improved their portfolio of activities and visibility in business, the risk managers have failed to do so. Hence, the risk management department heads need to learn a lesson from this. They must leave behind their narrow focus on financial risks and align their activities with those of the CFOs. This move will put them on CEOs and Boards radar and enable them to drive risk management culture throughout the organization.


 The Superstar CFO: After the Crisis – What it takes for Finance executives to excel in a changing and uncertain world – A report prepared by CFO Research Services in collaboration with SAP. The report will be released for public viewing in July 2011 but you don’t have to wait to get your hands on it. You can download it BRP_Advanced_Release_No1_AP_Superstar_CFO_After_Crisis_Jun2011

Chief Financial Officers Risk Awareness Levels

The common perception is that Chief Financial Officer (CFO) has an in-depth knowledge of organization risks. The premise is that finance teams are knowledgeable about risk management as most of them are qualified chartered accountants or certified public accountants. Secondly, Chief Audit Executive (CAE) or Head of Internal Audit quite frequently administratively report to the CFO. Hence, the obvious conclusion drawn about organization risks is that “CFO knows best”. After distilling information from a few reports, I realized that we may be thinking on the wrong track.

1.    Misperception about Finance Department Risk Awareness Levels

The results of a recent survey “Ascending the maturity curve – Effective management of enterprise risk and compliance (A report from the Economist Intelligence Unit Sponsored by SAP)” indicates that this thinking is most likely a case of cognitive bias and may not be factually correct. The report states that – “Companies may be underestimating the extent of risk and compliance failures in their organization. Just over one-third of respondents say that their organization has suffered from one or more significant risk or compliance failures in the past three years. But this proportion is most likely owing to the fact that most respondents come from the finance function, where awareness of failures is relatively low. Among the four functions surveyed—finance, legal, risk and compliance—respondents from outside finance estimate significantly higher levels of risk and compliance failures. This suggests not only that the finance function is underestimating the level of failures, but that knowledge about risk failures is not being widely disseminated in order to improve practices and tighten policies.” The graph below shows that 65% of respondents from finance department said that their organization had no significant risk failure and just 28% stated that their organization suffered a serious risk failure.

 With respect to risk awareness, when pitted against legal, risk and compliance departments the finance function doesn’t come out with flying colors. The graph clearly reflects that in most organizations there is an information gap between various departments about risk failures.

2.    CFOs aware of shortcomings in risk management

 My second thought on seeing the data was – do CFOs believe that they are the best bet when it comes to risk management ?  Mark Twain had once said “It ain’t what you don’t know that gets you in trouble; it’s what you know for sure that just ain’t so.” So what kind of perceptions and understanding prevails amongst CFOs about risk management?

I referred to the soon to be released report -“The Superstar CFO: After the Crisis – What it takes for Finance executives to excel in a changing and uncertain world (A report prepared by CFO Research Services in collaboration with SAP)”. A candid statement made by Mr. Allé, CFO at SNCB in Europe aptly describes the situation.  He said – “The biggest impact of the CFO is eliminating, mitigating, and managing the risks. And, unfortunately, when a CFO is successful you don’t see the impact of these actions very much, because the risk doesn’t materialize. So it’s quite difficult to measure.” In my opinion this is a realistic perspective hence in some ways a confidence booster. CFOs are aware of the shortcomings in their capability to manage risks, especially the lack of focus on it in good times. But, it does raise the question as to whether CFOs focus on risks only in bad times?

Fortunately, that is not the case. The report highlights that as the global economy improves, CFOs are looking at risk management as a challenge of balancing risk and opportunity. Mr. Wong at Lenovo mentioned – “The risk management obviously is important, especially when the external environment is very volatile…. We spent a lot of time making sure that growth is not subject to an unnecessary level of risk. We can see risk management as an issue, but more importantly under the umbrella of growth.”

In my view, finance departments have not mastered the game of risk management. They still have a tough road ahead in the recession hit western world and BRICS emerging markets. In both economies, the risks are different. However, finance department is in a position to improve their risk management capability as they have access to critical data. A meticulous focus on risk management by finance department will keep the organization out of muddy waters and facilitate in reaching optimal targets.

Closing thoughts

In my opinion, some thinking needs revamping. The idea that all risks lead to the finance department is somewhat incorrect. With strategic, tactical and operational risks impacting business, the finance department maybe clueless about them. Finance departments apparently are still focusing on the financial risks. Here, organizations need to ramp up communication between risk management and finance departments to obtain an organizational view of risks. The CFOs on their part can’t get laid back on risk management because economy is recovering. Moreover, they need to meticulously focus on building an integrated risk management function within the organization.


 The Superstar CFO: After the Crisis – What it takes for Finance executives to excel in a changing and uncertain world – A report prepared by CFO Research Services in collaboration with SAP – The report will be released in July 2011 and this is just a sneak preview for my readers. Special privileges for my readers. You can download it BRP_Advanced_Release_No1_AP_Superstar_CFO_After_Crisis_Jun2011.

Ascending the maturity curveEffective management of enterprise risk and compliance – A report from the Economist Intelligence Unit Sponsored by SAP

Employee Disengagement Risks

Yesterday I read the cartoon strip Blinkers Off by Salam in which a human resource professional is saying to the other – “We have a fantastic décor, well-lit office and efficient air-conditioning….why are we still having retention problems?” A couple of decades back when I started working this was all that was required to keep an Indian employee on the same job for life. Now with multinationals and globalization the poor human resource teams are struggling to retain employees and have a war of talent on their hands.

Employee engagement is the buzzword and India is doing excellently in it. As per Blessing White Employee Engagement Report Survey 2011, in India 37% of employees are engaged and 12% are disengaged. This is better than the world average of 31% employee engagement and 17% employee disengagement. This means worldwide, 1 of 3 employees is engaged and 1 of 5 is actively disengaged. China is at the bottom of the rung with just 17% employee engagement level. While reading this survey results Indians may feel gleefully triumphant, but hold the celebrations since there is a downside to it.

The average is good as 50% of the Baby boomers and 41% of Gen X are engaged. However, just 30% of Gen Y/ Millennial are engaged which is below the world average. In respect to disengaged employees the percentages are – 7% Baby boomers, 10%  Gen X and  17% Gen Y. That means the oldies when I started working are working with the same mindset of one company employment in a lifetime.

Now let us view this from a different lens. As per 2011 Census India’s total population is 1.21 billion and in the Wikipedia it is mentioned that “India has more than 50% of its population below the age of 25 and more than 65% hovers below the age of 35”. The trend is reflected in the IT/ITES sector where the average age of employee ranges between 25-30 years. Hence, in the long run, if Indian Gen Y is not engaged, the organizations will not be able to reap the benefits of an engaged workforce.

The Blessing White survey also indicates that in India engagement levels are not uniform amongst organizations and vary differently between industries, department, gender, generation and role level. This indicates that organizations can’t just see the survey results and feel that it applies to them.

Moreover, employee engagement misperceptions exist at CXO level. A survey conducted by Economist Intelligence Unit in US titled Re-engaging with Engagement states that “The C-suite displays a consistently “rose-tinted” view of engagement that is not shared lower down the ranks. For example, 47% of C-suite executives believe that they themselves have determined levels of employee engagement, a view shared by only 16% of senior directors outside the C-suite. More than one in five in the C-suite believe that employees are “much more engaged” than those in rival firms, compared with only 7% of respondents outside the C-suite”. Hence, the employee disengagement levels might be completely misunderstood the CXOs. Therefore, the associated impact and risks would remain unmitigated.  

In light of the above, risk managers while conducting a review or audit of Human Resource Department (HRD) need to check what percentage of engaged employees are reflected in the organization survey. Risk managers assume that employee engagement is a HRD issue and underestimate the risks of disengaged employees. According to surveys conducted by LSA Global Learning Solutions, “lower employee engagement scores result in:

  • 12% lower profits
  • 19% lower operating income
  • 28% lower earnings per share

While higher employee engagement scores correlate to:

  • 18% greater productivity
  • 12% higher customer satisfaction
  • 51% less voluntary turnover”

The above-mentioned numbers definitely call for attention. Just to give a brief explanation, below are three perils of disengaged employees.

1.    Disengaged employees impact sales

In People Metrics post “How Disengaged Employees Create Disengaged Customers” the results of customer research are published. It states that – “Disengaged employees disengage customers by appearing uncaring and apathetic. That matters because, as behavioral psychologists tell us, 70% of purchasing decisions are emotionally-based” Hence, disengaged employees directly impact customer satisfaction and show lower probability of deal closer. This directly affects sales.

2.    High Attrition Increases Costs

According to Indian HR professionals, the attrition cost of an employee is 3 to 4 times their salary. Now this is a concern in India as attrition levels are quite high. The costs involved are recruitment expenses, training, lesser productivity of new employee etc. The reason I am mentioning this is that disengaged employees have a higher probability of looking for another job.

3.     Increase in Fraud Risks

Disengaged employees are able to rationalize misconduct easier as they are not committed to the organization. With lack of motivation and loyalty towards the organization, and a higher disgruntlement level, it becomes easier to rationalize wrongdoing. Disengaged employees are more likely to circumvent the control procedures and less likely to adhere to policies. Lastly, there are lower chances of a disengaged employee  reporting misconduct of another. Hence, the overall fraud risk level of an organization increases with more disengaged employees.

These are just a few examples of impact of disengaged employees. I recommend a read of Blessing White Survey to understand the issues from an HR perspective.

 Closing thoughts

Disengaged employees can make or break the company. It is one of the key differentiators between successful and unsuccessful companies. Organizations with higher level of engagement execute strategies effectively. CXOs and HRD need to be forever vigilant about employee engagement. Risk managers must cover a review of employee engagement at least annually. This is one aspect where risk rewards and costs can be easily quantified. Hence, by directly adding to the bottom line risk managers can earn some brownie points.


  1. Blessing White Employee Engagement Report Survey 2011 – Thanks to Beverly Kaye (@BeverlyLKaye) CEO of  Career Systems International for bringing this report to my attention.
  2. Demographics of India
  3. How Disengaged Employees Create Disengaged Customers by People Metrics.
  4. Re-engaging with engagement by EIU
  5. LSA Global Learning Solutions
  6. Calculating the Cost of Employee Disengagement by People Metrics

Building an Ethical Work Culture in Indian Organizations

The Business Enterprise magazine published this article in July 2011 issue

I have often pondered on whether adults can be taught ethics. As per crime triangle a person commits a crime when three factors are present – opportunity, reward and rationalization. Hence, if the opportunity is available with a lucrative reward, psychologically a person can rationalize a crime. Due to this, in context of India, teaching business ethics is a seemingly impossible task. The psyche of the society shows that corruption is acceptable way of getting ahead in business. The 3.3 rating in Corruption Transparency Index indicates that people are unwilling to take a corruption and crime free road. In their minds there is no positive take-away or reward for becoming honest and ethical. Hence, the challenge is to change CXO’s and employee perception about business ethics through promotion and prevention tactics.

Every dark cloud has a silver lining. In light of recent corruption scandals in India, corporate honchos are now concerned about governance issues. Economic Times on 13 June 2011 published survey results  on impact of scams on Indian economic growth. CXOs of 75 companies participated in the survey.  “72% have that sinking feeling that this crisis in governance is going to hurt economic growth. A majority of those surveyed feel the situation is serious enough to affect their business and investment plans in some manner; and 15% expect their plans to take a major hit.”  In the scams Central Bureau of Investigation is investigating a few known groups – ADAG, Tata, Essar, Unitech, Cisco etc. Corporate bigwigs have finally acknowledged that they are part of the problem. The survey states that – “Some 72% of respondents to the ET-Ficci survey and 64% of the CXOs who responded to the ET-Synovate poll feel that business houses are also responsible for the crisis of corruption”

The business heads realization that both the supply and demand side parties are responsible for corruption and unethical behavior can down-rail economic growth of the country is a positive sign for business ethics managers in India. Finally, they can get budgets for business ethics programs and trainings approved. It is a good to strike while the iron is hot. Here are my top three focus areas for improving an ethics program

1.    Build ethical culture into business processes and strategy

One of the business attitudes in India is that business cannot be done without paying bribes, hence receiving kickbacks is justified. The mindset is that an ethics program is not practical as business will suffer. For business growth some compromises need to be done. This thinking makes a code of conduct a document without much strength. Ethical behavior is considered insignificant in evaluating managers’ performance.

Hence, the need of the hour is to build ethical culture as part of business strategy. Processes for monitoring ethical behavior need to be implemented. For example, performance appraisals of employees should incorporate bonus points for the ethical means adopted to meet targets. If unethical methods are used to achieve targets some penalty points should be awarded. In recruitment itself, reject candidates who have falsified information even slightly.

 Next, in a few cases senior managers formulate strategies considering the political connections and propensity of politicians to accept bribes. Ethics managers must change this attitude of senior managers. Do this by assessing growth and risks on parameters of clean business operations. Present a business case to senior management emphasizing the political, legal and reputation risks in case unethical practices are adopted for implementing business strategies.

2.    Change Mindset of Employees

In India, even a youngster will tell you that it is practical to be corrupt. If a person speaks of ethical behavior, the person is most likely to be viewed as an idealist with their head in the clouds. This cynicism makes it difficult to implement an ethical work culture.

I could not find India specific data to illustrate my point. However, I did find a report “Character Study Reveals Predictors of Lying and Cheating” conducted by Josephson Institute. The results indicate that cynics are -“Three times more likely to lie to a customer (22% vs. 7%), inflate an expense claim (13% v. 4%), or inflate an insurance claim (6% vs. 2%).  Additionally, cynics are more than twice as likely to conceal or distort information when communicating with their boss (24% vs. 10%).” India has a huge number of cynics. Unfortunately, the business cost of this cynical attitude is never analyzed by organizations.

Organizations need to give ethics training to change perceptions and thinking. Providing classroom training or e-learning is not sufficient. Ethical training should involve group discussions, case studies, brown bag sessions and 1 to 1 meetings with senior managers to emphasize the importance of ethics. Secondly, ethics managers believe that once training is given their job is done. This thinking is incorrect. They should implement measurement and evaluation methods to judge the impact of training in employee behavior and decision-making. Lastly, ethics training is an ongoing process, not once in a blue moon session.     

3.    Make Code of Conduct Relevant

In my opinion, most of the organizations have a code of conduct that employees sign at the time of joining the organization. New recruits receive a brief overview of expected business conduct in the induction sessions. However, rarely organizations’ code of conduct is a living document. It is not unheard of that the code of conduct is too old and policies mentioned in it are not complying with the prevailing business and legal laws. The situation is that nobody bothered to update it regularly. Hence, these documents are not taken seriously.

In my view, this is a good time to review the code of conduct and implement the policies properly. For example, although organizations have sexual harassment policies, India reports one of the highest cases of sexual harassment. As per a recent report India is the fourth threatening country in the world for women. This clearly indicates that most organizations prohibit sexual harassment only in theory. As the procedures for filing a legal case are long drawn out with high social harassment, organizations may not feel the need to implement the policies. This definitely harms the ethical culture of the organization and the business environment of the country.

Closing thoughts

To make Indian organizations globally competitive at par with the multinationals building an ethical culture is a necessity. The war of talent is won by organizations that provide a comfortable and secure work culture to employees. Multinationals invest in organizations where they are sure of the ethics of the management teams. Customers prefer organizations fulfilling their corporate social responsibility. Look from any lens, adopting ethics pays in the long-run. This is the right time to do some internal selling and get management commitment for building an ethical work culture.


  1. Scams have hobbled reforms and economic growth is in peril: ET Survey
  2. Character Study Reveals Predictors of Lying and Cheating by Josephson Institute

Strong Risk Culture Benefits Strategic Risk Management

According to you, developing a strong risk culture is a new risk management fad, hyperbole or a necessity?  Moreover, if it is a necessity why are organizations not focusing on it? In my view, building a risk culture within the organization helps in achieving the strategic objectives of the company. Hence, while we think that the focus on risk culture is required to address operational and financial risks, it gains paramount importance for managing strategic risks. Now this statement may sound somewhat unconvincing to some of you, so here are the reasons for the same. 

As I had mentioned in the previous posts, corporate world is not doing a good job in formulating strategies. According to McKinsey survey, just 6.5% organizations have effective measures to develop strategies. Secondly, 32% in effective group and 51% in other group state that decision makers are averse to taking risks and see emerging business opportunities as riskier. As per the survey “Fall guys: Risk management in the front line – A report from the Economist Intelligence Unit Sponsored by ACE and KPMG” – just 41% of the organizations involve risk management function in formulating and implementing corporate strategy. The obvious point we are missing in this data is that CEOs and boards do not have the right information on associated risks for the selected strategies. The reasons are that either nobody down the line is aware of them or is unwilling to inform CXOs. Both these issues arise due to lack of a risk culture within the organization.   

Let us study how this problem on lack of information and/or communication on risks occur within the organization. A risk culture can be measured by the degree to which employees of the organization understand that all their business decisions result in some risks which need to be mitigated and have to be within the purview of legal laws. A KPMG survey on Risk Culture highlighted that “58% of corporate Board members and internal auditors stated that their company’s employees had little or no understanding of how risk exposures should be assessed for likelihood and impact. One-third of those same respondents also said that key leaders in their organization had no formal risk management training or guidance, with only 16 percent receiving at least annual training.” The results show that employees do not consider risks consciously or unconsciously while making decisions. Hence, from top to bottom of the organization makes decisions without a clear understanding of associated risks.

In case of operational decisions if the employee does not weigh risks, the decision can go awry later. Now add to this the problem of the organization having deviant organization culture or a passive aggressive culture. Here, the employees will have a “can do” attitude rather than “do the right thing attitude”. Management rewards employees for complete obedience instead of sharing ideas, the employees will not inform CXOs that their baby is ugly. The employees’ cleanup upward information flow of bad messages and ensure political correctness. Hence, the collective information available with CXOs to make strategic decisions is biased towards their perceived viewpoints and to some extent maybe inaccurate.  

The vicious circle works in a manner where everyone massages the information. For example, in organization ABC the national marketing head gave instructions to regional marketing head to sell X product. The regional marketing head sees various challenges in selling X product in the specific region because of local culture, however refrains from informing the national marketing head. He believes that his explanation will be considered as excuses not to market the product and he may be terminated because of it. Now the national marketing head has an incorrect view sales targets of X product as he overlooks the hesitation he noticed in the regional heads message. He happily presents the rosy picture to the CEO and board. The board approves another strategy based on this information. As in the whole chain, no one has highlighted and discussed risks; the likelihood of failure of the strategic decision is high.   

Some of the risks are not easy to understand and without a good risk culture, the red flags are ignored. A recent case is the Cadbury advertisement “Move over Naomi there is a new diva in town” Naomi Campbell reacted with dismay saying – “It’s upsetting to be described as chocolate, not just for me but for all black women and black people,” she said. “I do not find any humor in this. It is insulting and hurtful.” Whether the advertisement is racist or not is a secondary issue. Someone in Cadbury should have realized that a woman wouldn’t appreciate being objectified and compared to a food item however delicious it is. Common sense, I would say. Think of it, if a female compliments a man saying – You are like a pomegranate, hard from the outside, juicy inside. Would my male readers do a count as to how many find it flattering? Cadbury belatedly realized the obvious and apologized subsequently after suffering reputation and brand damage. While I am not aware of internal workings of Cadbury this incident shows that risks may not have been appropriately analyzed in decision-making.

Closing thoughts

Building a risk culture should be a imperative in the organization and if it is not then the risk managers and senior management are unable to see the forest from the trees. A healthy risk culture ensures leadership team gives consistent and clear messages regarding risk appetite, discusses ‘what can go wrong’ for each decision, prefers to do the right thing, rewards ethical decisions and punishes employees for inappropriate risk taking and unethical decisions.  Make risk culture the corporate DNA.


  1. Cadbury apologises to Naomi Campbell over ‘racist’ ad
  2. Risk Culture – KPMG Study

Reflections on Grant Thornton Chief Audit Executive Survey 2011

Grant Thronton conducted a US based survey of Chief Audit Executives (CAE) to find out the  developments in internal audit department (IAD) functioning.  The report Looking to the future: Perspectives and trends from internal audit leaders – Chief Audit Executive Survey 2011 in informative and is a good read for risk managers across geographies. Most of the issues raised in the survey are applicable to quite an extent to Indian internal audit departments. I am highlighting some of the common points below.

1.    Size of Departments

Of the 300 CAE’s participating in the survey, 75% relied on 10 or less employees and just 8% employed more than 25 employees. Secondly, 63% of the respondents stated that all internal audit activities are performed in-house. Just 2% have outsourced the internal audit function completely. The third aspect mentioned in the survey is the growing trend to focus on operational and compliance risks besides the financial risks. Of the total time available with IAD, 36% is allocated to operational risks and 33% of compliance risks. Ideally, under these circumstances the IAD size should increase. However, 73% respondents have stated that the size of the department will remain the same in 2011.

 The survey is focused on number of internal audit staff. It does not give details on the size of the organization in revenues or staff strength. As the third dimension is missing, it is difficult to assess optimum staffing of internal audit departments. A number of additional factors influence the size and structure of internal audit departments. Major contributors for determining size of IAD are – industry the organization is operating in ( example, banking is more audit intensive), mission and objectives of IAD, governance structure, maturity of risk management processes, technology used by IAD, salary cost of auditors and audit committee expectations. Most of these components are not analyzed in the survey. Hence, in my opinion though the data provided in the survey is interesting, it does not facilitate in making an informed decision.  

2.    International Focus

With globalization IAD in US are either providing supervision or directly conducting assignments in different geographies.  In the survey, 39% of the CAEs stated that some internal audit activities are being done outside US. Of this, 48% of CAEs stated that 25% of the work is performed in BRICS countries. Hence, the survey results emphasize the growing importance of emerging markets.

The survey highlights two other interesting aspects. Results indicate that 85% of US staff travels to other countries to conduct assignments. However, the survey hasn’t given any information on the IAD work being done by BRICS or other countries for the US team. For example, US companies outsource SOX compliance work to Indian business process outsourcing organizations. This work is quite substantial and reduces cost of US IAD department. Organizations have to watch out for the trend of IAD outsourcing testing and data analytics work to other countries and focusing instead on strategic risks.

 While work is outsourced, the IAD structure continues to be complex. The survey indicated that 69% of foreign internal audit personnel do not report directly to CAEs in the U.S. This data shows that IAD teams are still not globally integrated. This could be the weakest link for IAD of multinational organizations.  There may still be hurdles in sharing best practices, skilled resources, and maintaining independence of local audit teams.

3.    Use of Information Technology

While use of technology is taken for granted in most fields, IAD are still lagging behind. In the survey 44% of the respondents stated that GRC specific technology is not used optimally. Secondly, automated technology that facilitates GRC processes are used in just 54% of the organizations although 68% stated they are using data analytics. Auditors don’t sppear to be in love with information technology and that is not a good sign.

The GRC software enables audit planning, conducting tests and analysis, preparing work papers, dashboards and reports. The CAEs using GRC software reported that data analytics alone helped then improve audit processes, identify trends and increase audit coverage. 

The results clearly present a strong business case for using technology in IAD functions. In countries as in India, where annual salary cost of auditors are low in comparison to cost of automating, the hesitation to use technology is higher. However, reliance of manual auditing processes reduces efficiency and quality of audit. Hence, with increasing complexity on GRC functions, IAD should be gunning to use technology for their work.

Closing thoughts

The survey has raised excellent points relating to board relationships, internal auditors career paths, risk management and focus on fraud investigations. If you are planning the audit strategy for the next quarter, read this report. While some aspects look like old wine in a new bottle, some give fresh insights and may give clarity in thinking.

Baba Ramdev, Black Money & Business Ethics

Anna Hazare

In April 2011, a portly old man, Anna Hazare came to Delhi to protest against corruption. He went on a satyagraha (protest fast until death) to force government to pass the Lokpal Bill that is circulating in parliament for last 40 years. The public support for Anna Hazare’s protest forced the government to accept his terms. On June 4, Baba Ramdev, a yoga guru will don the mantle for protesting against government’s inaction on black money stashed away by individuals in foreign banks. Prime Minister Manmohan Singh is attempting to sweet talk Baba Ramdev out of the fast, but the man is adamant. He said in an interview – “On June 4, there will be a satyagraha (protest fast) in Ramlila Maidan as well as in 624 districts across as crores of people want the country to be rid of black money, corruption and demand a change in system.”

The black money problem is extremely serious in India. It is making the country hollow. It impacts economy negatively as foreign investors are shy of investing in highly corrupt countries. The society values are deteriorating as corruption has settled in public psyche. White-collar crime is increasing as people consider it as a means to achieve material ends. The powerful and rich are not stigmatized or punished for using inappropriate means to gain wealth. Global Integrity Taskforce report — The Drivers and Dynamics of Illicit Financial Flows from India: 1948-2008 stated – “Utilizing the World Bank Residual Method and IMF Direction of Trade Statistics, the hard data indicates outflows over this 61-year period of $213 billion. Adjusting this for accumulated interest on gross illicit outflows increases the figure to $462 billion”. Some media reports have indicated that it is nearly a trillion dollars. Compare this to India’s total GDP of $1.43 trillion for 2010. Besides this data, the Corruption Perception Index (CPI) reflects the magnitude of the problem.  In 2010, India’s score was a pathetic 3.3 as per CPI issued by Transparency International. It ranked 87th amongst 178 countries checked and came under highly corrupt countries. This paints a dismal picture for the country.

Spates of scams and corruption charges in 2010 have agitated the public. The scenario was never so bad. The media disclosures, which came one after the other (Common Wealth Games, 2G Telecom scam, Niira Raida tapes, and Hasan Ali tax evasion), put the government on the defensive. Sonia Gandhi a few months back publicly acknowledged the situation sayingOur economy may increasingly be dynamic, but our moral universe seems to be shrinking. Prosperity has increased, but so has social conflict. Intolerance of various kinds is growing… We are right to celebrate our high rate of economic growth. We must do all that we can to sustain it. However, let us not forget that growth is not an end in itself”. However, this was more of political posturing with fine words butter no parsnips. Prime Minister Manmohan Singh had  said in 2009, that he will initiate action within 100 days to recover Indian black money- estimated to be Rs one lakh crore – stashed abroad. There is still no action on this front. Except for a few names, government hasn’t made any disclosures. Baba Ramdev is forcing the government to be accountable.

Anna Hazare’s protest has definitely yielded some results and has forced the government to demonstrate it seriousness in eradicating corruption. In the last few months, the CBI investigations against the high-profile cases have resulted in arrest warrants. A number of big names presently are in judicial custody for white-collar crime, and this is a first for India. The roll call runs as follows:

Common Wealth Games (CWG) Fraud

  • Suresh Kalmadi – Member of Parliament, Ex-Head of Organizing Committee (OC) of CWG
  • Lalit Bhanot – OC’s General Secretary  
  • V K Verma – OC’s Director General

2G Telecom Scam

  • A. Raja – Ex-Minister of Telecom
  • Kanimozhi – Member of Parliament, daughter of DMK leader and ex-Chief Minister of Tamil Naidu  M. Karunanidhi
  • Siddhartha Behura- Former Telecom Secretary
  • R. K. Chandolia- Raja’s Personal Secretary
  • Sharad Kumar – CEO Kalaignar TV
  • Vinod Goenka – Swan Telecom Director
  • Sanjay Chandra – Unitech Wireless (Tamil Nadu) Ltd Managing Director,
  • Gautam Doshi, Surendra Pipara and Hari Nair- Senior Executives of Reliance ADA Group

Income Tax Evasion & Black Money

  • Hasan Ali Khan- Stud farm owner
  • Kashinath Tapuriah- Business Associate of Hasan Ali

The who’s who of government and corporate world are in the list. The Civil Society members’ courage is shaking the deep foundations of corruption in the country. Business honchos are spending sleepless nights and government is running for cover.

On the other hand, the Civil Society members are unfazed by the difficulty of the task. They are unrepentantly creating a ruckus. As Anna Hazare gleefully says “I have taken six wickets and there are many more to go”. He is referring to the number of politicians who resigned after his protests. . The means adopted by them can be questioned, but not their good intentions. They are being criticized that they are tampering with the democratic process. It is interesting when ministers accept bribes there are not many statements made that they are making mockery of democracy. The Civil Society members don’t give two hoots to the criticism leveled at them. Their attitude is “So what if it is blackmail. We are doing it for a good cause.” The devil may care attitude is contagious and garnering support


Baba Ramdev

It is a tragedy that business ethics and compliance professionals haven’t taken the lead in it. Chartered accountants fear that they might be held responsible for suggesting to clients innovative tax planning solutions and deal restructuring that bypasses the laws. The irony is that a yoga guru and an ex-army man are leading the most critical business ethics initiative in India. Maybe Indian professionals need to take a leaf out their book and relearn some lessons. The nation will have a lot to be grateful for the actions of the Civil Society members. The unlikely duo, Baba Ramdev and Anna Hazare are going to rock India this weekend. I am looking forward to this Saturday. Maybe a new chapter in business ethics will open this weekend.


  1. Baba Ramdev Sify news
  2. The Drivers and Dynamics of Illicit Financial Flows from India: 1948-2008 – Global Financial Integrity
  3. PM breached parliamentary propriety, says BJP