
INTERNAL AUDITOR MIDDLE EAST
DECEMBER 2014 | WWW.INTERNALAUDITOR.ME

SHAPING TALENTED AUDIT TEAMS
The top 10 innovative professional development programs for internal auditors

Using Feedback from Auditees to Enhance Internal Audit Performance
Global Developments that are Changing Internal Audit
A Look Into the Characteristics and Behaviors of the Typical Fraudster

INSIGHTS ON GOVERNANCE, RISK MANAGEMENT AND CONTROL


From The President

The Time for Research


Dear Readers,
Over the past quarter, we've continued to see the Institute of Internal Auditors (IIA)
Research Foundation release various insightful reports on the internal auditing
profession globally. Similarly, we've seen new reports being released by local IIA
institutes such as the UK's Chartered Institute of Internal Auditors, the IIA Netherlands
and others. All of these professional bodies have been working on researching topics
important to internal auditors so that they can embody the IIA's motto of "Progress
Through Sharing".
The UAE Internal Audit Association (UAE-IAA) is no different. Over the course of a
short period of time, we have successfully translated to Arabic the Certified Internal
Auditor Study Materials & Exam, Sawyer's Guide for Internal Auditors (6th Edition) and
we are working on translating the 2013 COSO Internal Control Integrated Framework.
These efforts have made such publications more accessible to internal auditors in our
region, and now the time has come to develop our own thought leadership through 2
major initiatives:
1. Risk Management Practices and the Role of Internal Audit: This study, which is
well under way, will produce original research relating to non-financial institutions in
the UAE. We've assembled a dynamic team consisting of both academics and internal
audit practitioners who will reveal the results of this study in our 16th Annual Regional
Audit Conference which will be held in early 2015.
2. Global Internal Audit Common Body of Knowledge (CBOK): This is the
centerpiece of ongoing research efforts conducted by the IIA Research Foundation. As
part of CBOK, the IIA will be conducting its 2015 Practitioner Survey covering over
100 countries. In addition to the global results, we will use the data collected from this
survey to produce UAE specific insights.
These efforts would not be possible had it not been for the support of our strategic
partners, members and volunteers who work tirelessly to promote the internal audit
profession. We ask all our members to actively support our research efforts as we can only
succeed with their cooperation and participation.
On a final note, I am pleased to announce that thanks to the efforts of volunteers from
the Editorial Advisory Committee, we have completely revamped the website of Internal
Auditor Middle East to a site we hope you will all be proud of.
Please visit www.internalauditor.me and share your feedback with us.
I wish you all a very happy and prosperous 2015.

Sincerely,

Abdulqader Obaid Ali


President


FEATURES

- COVER STORY: Shaping Talented Audit Teams. Innovative ways to improve the skills of your internal audit team and increase their business acumen. BY BRUCE TURNER & JACQUELINE TURNER
- Auditee Feedback. Internal auditors can use positive and honest feedback at various stages in the audit process to improve their performance. BY LALIT DUA
- Board & C-Suite Driven Assurance: The Dawn of a New Era. Recent developments in governance and regulation will have a profound impact on internal audit approaches. BY TIM J. LEECH
- Inside the Mind of a Fraudster. What characteristics and behaviors does the typical fraudster display? Recent surveys and studies can help shed light on this. BY ROBIN SINGH

DEPARTMENTS

- Reader Feedback
- Knowledge Update. New Reports from IIA UK and Netherlands; Data Analytics; Risk Management Guidance for Boards; Business Continuity Management. BY VISHAL THAKKAR
- UAE-IAA Events
- Governance Perspectives. A healthy corporate culture is essential to good corporate governance and therefore it should be audited. BY ROBERT NOYE-ALLEN & KAMI NUTTALL
- Conversations with Colleagues. Harsh Mohan talks about the important role of internal auditing in risk management. BY FARAH ARAJ
- Human Resources. Five characteristics of a successful chief audit executive. BY AYMAN ABDELRAHIM
- Fostering Fundamentals. Having proper controls around construction projects provides better information and increases the chances of success. BY KETAN BHOOLA



Reader Feedback

We want your views on the articles and the magazine! Share your thoughts and feedback with us via email at editor@internalauditor.me

Disagreements on Information Technology Strategy

The article "Information Technology Strategy" (Sept 2014) was a very interesting read and in particular because it reflected the views of a Chief Information Officer. However, I did not agree with his recommendation for internal auditors to be cautious and avoid commenting on the strategies selected by management. Since internal audit should determine the effectiveness of the IT strategy, therefore we do need to question and understand the business case for the various IT initiatives and how they map to the enterprise objectives. For us to be seen as partners, we do need to raise risks we identify in various initiatives undertaken by management and not just raise risks relating to the strategic planning process. Very often I find that business cases developed are not fully justified and mislead management to making the wrong decisions.

Nada Al Chalabi
Senior Audit Manager Information Systems
Dubai, UAE

Enjoyed the Information Technology Special Issue

I read with interest the articles published in the IT Special Issue (Sept 2014) of Internal Auditor - Middle East magazine. I applaud the clarity with which articles were written; they have a good amount of interesting material without being too long-winded or full of jargon. I especially liked the conversation with Deloitte's leadership team (Tariq Ajmal and Fadi Sidani) and GRC by Satish Yadav. I agree with Tariq and Fadi on the fact that technology is changing the internal audit profession and that the future focus should be on data analytics and cybersecurity. I also like Satish's view how GRC technology is the way to improve and streamline risk management efforts. However, I would have liked to see insights on top IT risks relating to ERP technologies like SAP and Oracle. This is because not all companies in the UAE have even implemented full-fledged ERPs and many are still in their early stages. Going forward, I would like to see more IT related articles in the magazine on a recurring basis as IT is an integral part of an effective internal audit process.

Rahul Vaid
IT Auditor
Abu Dhabi, UAE

UAE INTERNAL AUDIT ASSOCIATION CONTACT INFORMATION

UAE Internal Audit Association, an IIA Global affiliate

INTERNAL AUDITOR MIDDLE EAST
DECEMBER 2014, VOLUME 2014: 4

Internal Auditor Middle East is published quarterly by the UAE Internal Audit Association (UAE-IAA), 8th Floor, Building 4, The Galleries, Downtown Jebel Ali, Dubai, P.O. Box 90919, United Arab Emirates

PRESIDENT
Abdulqader Obaid Ali

EDITOR
Farah Araj (Acting)

EDITORIAL ADVISORY COMMITTEE
Asem Al Naser, CPA, CIA, QIAL; Farah Araj, CPA, CIA, CFE, QIAL; Majed Bukhashem; Andrew Cox, MBA, MEC, CFIIA, CIA, CISA, CFE, CGAP, MRMIA; Raymond Helayel, CIA; Meenakshi Razdan, CA, CPA CIA, CFE; Hossam Samy, CRMA, CFE, CPA, CGA; Nagesh Suryanarayana, MBA, CIA, CCSA; James Tebbs, CA; Vishal Thakkar, ACA, CIA; Issam Zaghloul, MSc, CISA, CISSP, CGEIT

ARABIC REVIEW TEAM
Ayman Abdelrahim, MQM, CIA, CCSA, CFE; Khalid M. Alodhaibi, SOCPA; Qais Hamdan, CISA, CISM, PMP; Waleed Sweimeh

BOARD OF GOVERNORS
Ahmed Al Ansari; Khalid Al Halyan; Mohamed Al Harthi, MBA, CRMA; Abdulqader Obaid Ali, CRMA, CFE, QIAL; Naseeba Alrais, MSC; Ayesha Bin Lootah, MBA; Naeima Mohammed Al Menhali, MSC, CRMA; Ali Al Muwaijei MAFB, MFA, CRMA, CT 31000; Nahla Al Qassimi, Ph.D., CRMA, CCP, CCA

EXECUTIVE COMMITTEE
Raza Abdulla; Abdulrahman Al Hareb; Arindam De, MBA, CFA, QIAL; Karl Hendricks, CIA, CCSA, CQA; Rustom S. Kreidly, CPA, CRMA; Karem Obeid; Fadi Sidani, CPA, MS; Rabi Youssef, CPA; Adnan Zaidi, CRMA, ACA, MBA, CPA, CCSA, CIA, CFE, CIPFA

GENERAL MANAGER
Samia Al Yousuf

TEAM
Aisha Akhtar; Yasmine Abd El Aziz; Bassam El Baghdadi; Lorna Mungkal; Youssef Mustafa; Aileen Pelagio

ADVERTISING & ADMINISTRATION
Yasmine Abd El Aziz
yasmeen@iiauae.org
Tel: +971 4 4339082

EDITORIAL
Farah Araj
editor@internalauditor.me
Tel: +971 50 8501780

DESIGN & PRINTING
Girish Mehta
Adventure Global
girish@adventure-global.com
Tel: +971 4 3937696

ARABIC TRANSLATION & LAYOUT
Hossam Samir
Elaph Translation
hossam@elaphtranslation.com
Tel: +971 4 3310332

COMPLIMENTARY TRANSLATION PROVIDED BY:

GUIDELINES FOR AUTHORS
www.internalauditor.me

DISCLAIMERS
Internal Auditor Middle East is intended only for members of the Institute of Internal Auditors in the Middle East and as such it is not intended to be sold or re-sold by any party.
The views expressed in Internal Auditor Middle East are solely those of the authors, and do not necessarily represent the views of the UAE-IAA or the authors' respective employers.
Internal Auditor Middle East is a peer-reviewed magazine and does not verify the originality of the content submitted by the authors.



Knowledge Update
BY VISHAL THAKKAR

The IIA UK's 2nd Annual Survey of Heads of Internal Audit

The Chartered Institute of Internal Auditors (IIA UK) has released its Governance and Risk Report 2014 which discusses internal audit's perspective on the management of risk. As part of this annual survey, the IIA UK obtained the views of 247 Heads of Internal Audit from the UK and Ireland. The report provides insight on:

- Risk maturity.
- Top risks internal auditors are focusing on.
- Reporting relationships of internal audit.
- The competencies that internal audit need to function effectively.

Over the past year, there has been a marked increase (from 68% to 82%) in the number of heads of internal audit reporting functionally to the chair of the audit committee which results in an increase in internal audit effectiveness. However, there was little change in the number of respondents (57%) who felt the level of risk maturity in their company was well established.

In terms of the skills needed by internal auditors, the top 3 skills identified by respondents were 1) Communication Skills, 2) Problem Identification and Solution Skills and 3) Knowledge of Industry, Regulatory, and Standards Changes. The report also covered quality assurance and the results show that over 60% of respondents had an External Quality Assessment carried out by an independent party in the past 5 years. This figure rose to 75% in the financial services sector.
https://www.iia.org.uk/policy/wwwiiaorgukgovandrisk2014/

Combining Internal Audit and the Second Line of Defense

The IIA Netherlands published a report titled "Combining Internal Audit and Second Line of Defense Functions?". The report discusses the pros and cons of combining internal audit and second line of defense functions. The main question the report tried to answer is whether the Internal Audit Function can work independently and objectively while providing support to areas such as risk management, compliance and internal controls.

The main conclusion from the research and round tables conducted was that combining internal audit and second line of defense functions is not the preferred solution considering the Three Lines of Defense model as well as safeguarding the auditor's independence and objectivity as advocated by the Institute of Internal Auditors.

The report also covered the basic conditions and safeguards which should exist when combining internal audit and second line of defense functions:

- Internal audit should not make managerial decisions.
- Internal audit's role should be formalized in the internal audit charter.
- Segregate the persons carrying out such responsibilities from the core internal audit team.
http://iia.nl/actualiteit/nieuws?newsId=1613

87% of executives believe reputation risk is the most important strategic risk.
Source: Deloitte's 2014 Global Survey on Reputation Risk
http://www2.deloitte.com/global/en/pages/governance-risk-and-compliance/articles/reputation-at-risk.html

42.8 million is the total number of security incidents detected in 2014.

35% of security incidents are carried out by current employees of a company.
Source: PwC's Global State of Information Security Survey 2015
http://www.pwc.com/us/en/cfodirect/issues/cyber-security/global-information-security-survey-2015.jhtml


EY Report on How Internal Audit Can Add Value with Data Analytics

Big data is fundamentally changing the way the enterprise operates, and Internal Audit (IA) can't afford to be left behind. This is the main theme of a publication released by EY titled "Harnessing the Power of Data" which discusses how internal audit can embed data analytics into its processes in order to deliver more value to the business.

EY stresses the fact that building analytics capabilities is a journey that will take significant time and effort and defines 3 stages of analytics:

1. Descriptive Analytics: This relates to reporting on and understanding what has already happened whether in real time or after the fact.
2. Predictive Analytics: Understands the relationships between input and output to predict what will happen in a given scenario.
3. Prescriptive Analytics: This is the most advanced stage and is designed to determine which decision or action will produce the most effective results.

Internal audit can maximize its ability to monitor key risks through timely identification of high-risk journal entries, early identification of potential accounting surprises and continuous auditing of all transactions flowing through the general ledger.

Further, and using the example of vendors, data analytics is not just about routine business information (e.g. amount sold, average price) and goes down to lower level, higher-volume data (e.g. line item detail for purchase orders and invoices). Such detail allows internal audit to use data analytics in its annual risk assessment, in its regular audits as well as for special projects.
http://www.ey.com/GL/en/Services/Advisory/EY-internal-audit-harnessing-the-power-of-analytics

New Practice Guide on Business Continuity Management

The Institute of Internal Auditors (IIA) has released a new practice guide demonstrating how the internal audit function can help businesses keep running in the event of a cyber attack or a natural disaster. The practice guide shows how internal auditors can provide assistance in business continuity management. The IIA noted that internal audit functions typically have the skills, qualifications and in-depth knowledge of the organization to help develop, implement and evaluate the effectiveness of such plans.

The goal of business continuity management is to restore critical operations, manage communications and minimize financial and other effects of disaster. According to the new practice guide, a good crisis management plan is like a company insurance policy - it helps to ensure that the organization remains viable and meets stakeholder expectations.

IIA members can download the practice guide for free by visiting:
https://global.theiia.org/standards-guidance/recommended-guidance/practice-guides/Pages/Business-Continuity-Management-Practice-Guide.aspx

New Guidance for UK Listed Companies

Last quarter the Financial Reporting Council released new guidance for Risk Management, Internal Control and Related Financial and Business Reporting. This guidance integrates and replaces Internal Control: Guidance to Directors (formerly known as the Turnbull Guidance) and reflects changes made to the UK Corporate Governance Code.

This guidance focuses on elements of best practice for risk management and defines the responsibilities of the board which include:

- Design and implementation of appropriate risk and control systems which allows for a robust assessment of major risks.
- Determining the company's risk appetite.
- Fostering an appropriate culture and reward system.
- Agreeing on how to manage major risks.
- Monitoring and reviewing risk management and internal control systems.

One of the unique considerations recommended for board members involves determining the culture the board wishes to embed in the company, and whether this has been achieved. This involves communicating the desired values to management and considering whether the leadership style of the company undermines the risk management and internal control systems.
https://www.frc.org.uk/Our-Work/Publications/Corporate-Governance/Guidance-on-Risk-Management,-Internal-Control-and.pdf

UAE-IAA Events
BY SAMIA AL YOUSUF

Construction Subgroup Meeting

The UAE Internal Audit Association Construction Subgroup held its first Business Event, which was hosted by the UAE Society of Engineers, in Dubai on 23 September 2014. The event was attended by Abdulqader Obaid Ali along with Syed Imtiaz (Chairman of the Construction Subgroup) and Hakim Lalipurwala (Vice Chairman Construction Subgroup) who discussed areas of mutual cooperation with Maged Farouk Hanna, General Manager of the UAE Society of Engineers.
In addition, Mike Lewis (Head of Internal Audit at Abu Dhabi Airports) and Mr. Matt Irvin (Senior Project Manager) delivered a presentation titled "Risks in Supply Chain Management in Mega Construction Projects". The presentation highlighted the mechanisms used by Risk Management and Internal Audit to manage and mitigate the various risks faced in a mega construction project. The speakers informed the participants about the Three Lines of Defense framework to help improve overall effectiveness of risk management and internal audit.

Launch of the Hospitality Subgroup

The UAE Internal Audit Association's Hospitality Subgroup held its first meeting on 15 October 2014 at Abu Dhabi National Exhibitions Company. The session was well attended and led by the Hospitality Subgroup Chairman, Aldrin Sequeira, who is currently the Chief Internal Audit Officer for the Jumeirah Group.
The session also had 2 interesting specialist presentations. The first of which was a presentation by Deloitte led jointly by Grant Salter (Director - Head of Travel, Hospitality and Leisure Advisory) and Hossam Samy (Principal - Enterprise Risk Services) discussing "Hospitality: Middle Eastern Trends, Challenges, and how the Internal Audit Profession can Support the Growth". This was followed by an interactive session by Protiviti on Corporate Governance in the hospitality sector led by Nagesh Suryanarayana (Director - Internal Audit and Risk Advisory Services).

"Organizations are now trying to align their corporate governance frameworks in line with leading practices globally and local regulatory mandate. Some key examples include, establishing internal audit functions, risk management frameworks, board evaluation matrices, establishing board sub-committees, enhancing reporting and disclosures frameworks," explained Nagesh.

Governance Perspectives
BY ROBERT NOYE-ALLEN AND KAMI NUTTALL

Auditing Culture

Can internal auditors really give adequate assurance on corporate governance without auditing corporate culture?

Internal auditing is an evolving discipline, not least due to changing business environments and stakeholder priorities. In 2014, auditing culture has emerged as a new area of focus - a response to growing awareness that hard controls aren't the only ones that matter. Soft controls that stem from a company's culture are also vital for good governance.

Corporate culture is not only about the values an organisation espouses, but also how the organisation lives them. The desired values need to be communicated, embedded and monitored. The extent to which these values are being applied is a legitimate subject for internal audit reporting, although there are challenges in applying this philosophy.

Guidance recently issued on the subject by the Chartered Institute of Internal Auditors in the UK and Ireland recognises that auditing indicators of culture is complex - internal auditors need to be comfortable in their understanding of culture and risk culture.

Chief Audit Executives should ask themselves: can we really offer adequate assurance on the effectiveness of our organisation's governance, risk and controls if we haven't given any consideration to the culture and risk culture of our organisation?

If there is any doubt about the importance of assessing the application of stated values, consider Enron and its stated values of community, respect, integrity and excellence. But where is it now? Examples from elsewhere around the world (Lehman Brothers, AIG, and Nortel) also indicate there is a powerful link between poor culture and performance, and ultimately corporate failure.

Cultural indicators are not always easy to recognise and rely on interpretation. In the case of Lehman Brothers, for example, their risk appetite could be interpreted as being high, and they seemingly ignored the signs that suggested that the subprime market was experiencing a high number of defaults. Executives were still paid highly despite company underperformance. Decisions were taken to hide some of the company's liabilities resulting in a misstatement in the balance sheet. The company's culture was tied to risk taking behaviours and a poor control environment.

On the other hand, good culture does seem to support good performance. The success of global brands such as Apple and Google could be attributed in part to their powerful cultures that bind people together and set the tone for high performance.

Internal auditors are primed to understand their organisation's control environment, in line with COSO 2013. However, that control environment needs to be considered in the context of both hard and soft controls. The challenge for internal auditors is that assessing the effectiveness of soft controls is very different to assessing the effectiveness of hard controls.

A useful starting point is to consider what we mean by soft controls. They include:

- Commitment to ethics and integrity;
- Attitudes to risk taking;
- Board oversight of performance and internal control;
- Accountabilities, responsibilities and structures;
- Reporting lines; and
- Recruitment practices - a commitment to attract the right people in line with the organisation's objectives and values.

Recommendations for auditing culture

- Consider what kind of culture the organisation champions, and how this is measured across operations. For example, does your company have stated values and what type of indicators exist for measuring that employees are living the values? Does your organisation use staff surveys to understand employee attitude and behaviours? Does your senior management team listen to employees and take action when necessary? Do they operate an open or closed door environment?

- Ensure corporate culture is considered within your organisation's risk management framework. Who owns it? For example, what does your risk management policy say about risk culture? What kind of risk culture does the company promote and how does it compare to reality? Do the company's risk taking activities match its risk appetite and stated policies?

- When it comes to developing the internal audit strategy and annual plans, agree with your board and executive team what culture means to the organisation and a form of reporting on softer issues to maintain confidentiality and sensitivity. Ensure your audit and risk universe incorporates culture as a viable audit entity or as a theme which cuts across all audits. Ensure internal audit plans are designed to seek evidence of softer controls such as leadership, ethics and values. This will require judgement based on sound knowledge. The Chartered Institute of Internal Auditors talks about using gut instinct when forming a view.

- The COSO framework provides a good basis for evaluating a company's control environment, and ascertaining what kind of control culture exists. For example, are decisions decentralised or centralised? What tone is set by the Board? Is there a good relationship between the Board and the Executive? What kind of reward and retention packages does the company offer, and is it linked to performance?

- Remember that hard control issues are indicators of soft control weaknesses. For example, consider the frequency with which controls are overridden, as this could be an indicator of managers who are interested in outputs at any cost. Also, consider the effectiveness of communications: what is the company telling employees? Is information transparent or secret? Are auditors evaluating final reports for evidence or indication of culture related issues?

- Consider the broader messages and not just the symptoms derived from individual audits. If material weaknesses have been identified, root cause analysis (e.g. asking the question "why?" 5 times) will help identify the reasons why an issue has occurred, and whether there is an underlying problem that is linked to corporate culture and values.

- Comment on corporate culture (informed by your consideration of soft controls) in your annual assurance to the business. This could be through a reflection of whether audit confirms or validates that corporate values are lived. This could be a result of an evaluation of all final audit reports issued during the year. Consider the processes management has in place for engaging with staff, and ensure these processes are two-way/reciprocal. Support your experienced auditors and encourage them to ask questions that address cultural issues and soft controls.

- Ensure your internal audit team has the necessary training and interpersonal skills to pick up on and understand indicators of cultural issues. Ask yourself who is the most appropriate individual to conduct a review of culture.

- Always audit with your head up - be aware of what is going on around you.

Traditionally internal auditors are wary of providing subjective judgement; we are hardwired to believe that professional judgement should underpin opinions. Auditing soft controls and organisational culture requires a certain attitude of mind and awareness. It requires an understanding of the iceberg effect: what is hidden from view may be of greater potential impact than what is visible. It also needs the capacity to put individual audit pieces together to form the bigger picture: local reports and recommendations need to be considered from an organisation-wide perspective to see if any patterns emerge. Many internal auditors are exploring ways in which to encompass culture within their opinions.

This sounds challenging and it is. Auditing culture is not necessarily about people, but about behaviours, attitudes and, fundamentally, values. Nevertheless, it is a challenge that internal auditors need to accept if they are to provide the more rounded assurance on governance, risk and controls that their stakeholders require of them. Corporate culture is an emerging agenda item, being pushed by regulators and stakeholders. It can no longer be ignored. It is a key part of every company's second line of defence.

ROBERT NOYE-ALLEN is a Partner in Moore Stephens LLP.
KAMI NUTTALL is the Head of the Centre of Excellence in the Governance, Risk & Assurance Group of Moore Stephens LLP.

TO COMMENT on the article, EMAIL the author at kami.nuttall@moorestephens.com



Conversations with Colleagues
BY FARAH ARAJ

Harsh Mohan

Etihad Airways Senior Vice President of Audit, Compliance and Risk shares his experience on the role of Internal Audit in risk management

In an exclusive interview, Internal Auditor - Middle East spoke to Harsh Mohan, CPA, CA, who joined Etihad Airways (Etihad) in 2011 and is now the Senior Vice President of Audit, Compliance and Risk. He started his career over 31 years ago in internal audit and used the experience gained to successfully work across various functions in the airline industry including finance, procurement, risk management and strategic cost management. Before joining Etihad, he was the Auditor General Auditor and Senior Director of Business Transformation at Air Canada. Harsh is an active supporter of the UAE Internal Audit Association (UAE-IAA) and a prominent speaker on the topic of risk management.

Internal Auditor - Middle East met with Harsh Mohan at the Etihad Airways Head Office in Abu Dhabi.

TO COMMENT on the article, EMAIL the author at farah.araj@gmail.com

How important is risk management to Etihad?

(Smiling) Our business is managing risk. I want you to think of a metal cylinder which is 70 meters long, has 400 people, with engines operating at temperatures around 1,000 degrees Celsius, packed with 100,000 liters of fuel and travelling at a speed of over 800 km/h. This is, very simply put, what an airplane is. But the passengers are reclining, watching videos, listening to music and are completely comfortable. This is what risk management is all about; taking an inherently high risk such as safety and managing it to a residually low level.

What role does Internal Audit take with respect to risk management at Etihad?

At the start of every internal audit plan, we carry out a thorough risk assessment, and based on inherent and residual risks, we formulate the internal audit plan. Doing proper risk assessments is a complex task which requires deep knowledge of the business. It also requires a high level of independence to report on major risks in a fair manner and for these risks to be acknowledged by management. Internal Audit has a solid understanding of the business and is sufficiently independent of management. It therefore makes sense to use the risk assessment carried out by Internal Audit as the basis for the company's enterprise risk management framework. In most non-financial services institutions, having a separate function carry out this role would be a waste of resources. So we send the risk assessment results to senior management so they can identify existing or required controls that will manage a particular risk within the company's risk appetite. So management identifies the existing or required controls, and we, at the time of our audit, assess the risk and audit the controls in place. Internal Audit at Etihad Airways validates the risks that the company is facing and assesses the effectiveness of the controls put in place to mitigate those risks.

Does this approach impair your department's independence?

No. We do not own the risk mitigation process. The assessment of risk and corresponding facilitation sessions with management are the roles performed by Internal Audit. As my title suggests, we deal with risk and not risk management, differentiating between the two. We make a clear distinction between our role and management's responsibility to manage risks. Our approach is based on the IIA position paper on Internal Audit's role in Risk Management and each stakeholder's role in the Risk Management process is clearly defined.

Also to give more comfort to our Board and regulators, we have a separate team within the department which carries out the risk assessment and facilitation sessions. This team reports through me to the full Board. This process of reporting to the Board makes the risk management process more effective.

How is Internal Audit able to assess and provide assurance on risks to strategic objectives?

Every risk management framework refers to risk as something which impedes the achievement of your objectives. We start our strategy by defining our top strategic objectives and cascading them downwards to the business units and individual departments. When we assess risk, we look at objectives from all three layers, and this way, it focuses on adding value to what really matters to the business.

For example, one of our strategic risks is the capacity of Abu Dhabi Airport to support our growth. We are expecting to transport 15 million passengers in the coming years. So Etihad worked with Abu Dhabi Airports Company to expand the airport to Terminal 3 and is now adding additional capacity in the new Midfield Terminal. As Internal Audit, we will look at the controls in place to mitigate this strategic risk. In other words, what action is being taken by management to mitigate capacity constraints? This could include audits of project oversight, baggage handling, customer services etc. I also sit as an observer on the Midfield Terminal project committee to understand how management is addressing the capacity strategic objective.

"The company which manages its risk the best is the one which succeeds"

What about Internal Audit's role in providing insight on emerging risks?

Risk management is an ever evolving process! Take for example the CEB's (Audit Plan Hot Spots - https://www.executiveboard.com) views on the top risks from 2010-2014. You will notice that the top risks have changed over the past five years. Now one of the major emerging risks is cybersecurity. When carrying out our assessment of risk, we need to focus on such areas and ensure that management and the Board are made aware of them.

Some chief audit executives may not be providing advice or assurance on risk management. What are your thoughts on this?

As the needs of the business evolve, there will be a need for Internal Audit to evolve to support the business. Internal Audit has the skills required to support the risk management process and add value to the business. By focusing on risk, Internal Audit will be included in management discussions and committees and this will elevate its status because of our knowledge of the business. If Internal Audit does not step in, someone else will and that department or person will go far ahead of Internal Audit. Chief Audit Executives who do not play a role in risk management face a high risk of becoming obsolete.

Human Resources

Characteristics of a Successful Chief Audit Executive
BY AYMAN ABDELRAHIM
EDITED BY MEENAKSHI RAZDAN

TO COMMENT on the article, EMAIL the author at ayman.abdelrahim@outlook.com

The increasing complexity of companies, combined with the impact of today's global economy, has resulted in a variety of new business risks and challenges. To help in responding to these new risks and challenges, it is essential for a company to have a highly skilled Chief Audit Executive (CAE). This CAE must possess several core characteristics which will allow him or her to be successful.

One clue to these characteristics can be found in the meaning of the word "Audit", derived from the Latin word "audire", which means "to hear". Successful CAEs hear what is happening within a company and also hear what stakeholders have to say. Therefore, a successful CAE is one who is not only technically solid but also has appropriate behavioral characteristics. The mix of essential characteristics that should be found in a CAE is as follows:

1. Strategic Thinking
The CAE plays an important role in providing assurance on whether or not the organization has the ability to achieve its objectives. This means that a CAE should understand the company's business and how he or she works together with top management to achieve the company's strategy, in order to help guide the organization in the right direction.

2. Mastery of Risk
The CAE needs to establish risk-based internal audit plans to ensure that the priorities of the internal audit activity are consistent with the company's goals. Accordingly, it is necessary to have a high sense of risk awareness and of how the organization manages its risks; the CAE should also be aware of any emerging risks and understand the impact of changes in the industry or the external environment.

3. Leadership Ability
The CAE should have strong leadership skills which are demonstrated even beyond the internal audit department. The CAE should inspire, motivate and challenge the auditors to take greater ownership of their work. Empowerment is important to achieve high performance; without empowerment, internal auditors cannot own their work and take responsibility for their results. Also, the CAE should have the ability to create new leaders for the organization; those leaders can drive the future of the organization.

The CAE can play a significant role in driving change in the organization and can be an effective champion for innovation, by providing improvements in strategy and activity through promotion of innovation and awareness of emerging opportunities and risks. The competencies for critical thinking, innovation and improvement are very important for a CAE to succeed.

4. Effective Communication
Listening to stakeholders and understanding their needs and concerns is vital for the CAE role. Strong communication skills can help in building positive relationships with senior management and business leaders. Communicating issues accurately and prioritizing them is also important. Another important thing is using the right words in the audit report, which demonstrates the professionalism of the CAE and the audit team.

5. Desire for Knowledge
Knowledge distinguishes a leader from a non-leader. The CAE should be constantly alert to best practices and industry trends, and should inspire internal auditors to develop themselves and maintain a commitment to ongoing training and learning.

"If you want to be successful, you have to be willing to invest in yourself" - Richard Chambers, CIA, QIAL, President and CEO of The Institute of Internal Auditors

Conclusion
As the requirements of companies change, the required characteristics of a successful CAE will also need to change. CAEs have a big role to play in a company by helping an organization remain aware of and effectively manage its current, strategic and emerging risks. To be successful at this role, a CAE needs to have a combination of the characteristics mentioned above to allow him or her to add value to a company. In today's world, it is absolutely critical for a CAE to continuously upgrade his or her skills in order to meet the changing expectations of companies and the internal audit profession.

AYMAN ABDELRAHIM, MQM, CIA, CCSA, CFE is a Chief Internal Auditor at a government organization in Dubai.



Innovation

Shaping talented audit teams
BY KAMRAN AHSAN

A veteran chief audit executive and a technical specialist join forces to showcase innovative professional development programs for internal audit.

A fundamental role of internal auditors in the twenty-first century is to add value to the business and help it achieve its objectives. At the same time, employee talent management has become a priority, as stakeholders recognise that internal auditors need to understand the business.

This article focuses on ten developmental programs across three tracks (illustrated in Exhibit 1) that can be structured to close skill-gaps and provide the internal audit activity (IAA) with practical insights into the business.

Imperatives

"There is broad diversity of need for technical and soft skills and a need for internal auditors to operate at a sufficient level of competence to show the value of the profession." - IIA Global Council 2014

Leaders of our profession have clearly spelt out the importance of talent management:

Thinking strategically to reduce the talent gap was emphasised in the IIA's Tone at the Top newsletter in January 2013. The article also noted the need to support professional development and encourage staff to work collaboratively with other business units to promote cross-pollination of knowledge.

Skill-set gaps were identified by delegates at the IIA's Global Council meeting held in Dubai in 2014 as one of the top five obstacles the profession faces through 2020.

Understanding business was identified as very important by over 70% of respondents to the IIA's 2010 global survey. This was the highest rated of 18 technical skills.

Maintaining compliance with professional auditing standards underpins audit value, with proficiency and continuing professional development emphasised in standards 1210 and 1230 respectively (i.e. possess and/or enhance knowledge, skills, and other competencies).

Maximising individual potential is a key to being an employee of choice. It helps to create a highly satisfying place to work, and improves the intellectual capital within the IAA.

Keeping internal audit fresh and up-to-date through effective audit leadership. In a June 2014 blog, the IIA President and CEO Richard Chambers emphasised the importance of audit leaders being role models, focusing on positives, being goal-oriented, making the time for the team, and getting help from others through effective delegating.

Exhibit 1: Overview of audit development programs

Bringing Business People into Audit
1. Graduate program
2. Guest auditors - specific audits
3. Guest auditors - longer-term secondments
4. Middle management rotation program

Delivering Inhouse Programs
5. Alumni network
6. Knowledge champions
7. Mentoring

Sending Auditors into the Business
8. Frontline connections
9. Secondments within the entity
10. Swap or secondment with another entity or service provider


Implementation of professional development programs is another leadership imperative.

Key steps

"Tell me and I'll forget; show me and I may remember; involve me and I'll understand." - Chinese Proverb

Identify the competency needs of your IAA. These may already be identified through the IIA's Global Internal Audit Competency Framework or within a defined IAA Professional Development Plan. Determine any related development programs that your entity already has in place. For instance, well-established graduate and mentoring programs exist in many entities. Assess the best options for tailored development programs that suit your IAA. From the program overview table, select one or two programs to implement now, and others that might be beneficial in the future.

Develop the selected programs for your IAA, building up from the bottom of the ten building blocks in Exhibit 2.

Recognise that motivation and state of readiness to learn are important considerations in identifying the right participant/s.

Finally, irrespective of which program is chosen, ensure that fresh ideas and insights are generated for the IAA. This is the critical payback phase.

Exhibit 2 building blocks (rows as printed, top to bottom):
Engage participants and undertake program | Provide fair and valued learning feedback
Road test and promote the program | Select participants based on selection criteria | Establish and provide suitable induction
Define aim, desired outcome, and strategy | Align to entity career development strategies
Identify IAA skill gaps and learning objectives | Consider the key principles of audit learning | Select best programs; formalise key elements
Program Overviews : Bringing business people in
Program 1 : Graduate Program
Design Aims : Introduce governance, risk and control fundamentals to entity's graduate program participants.
Primary Benefit : Helps shape career of potential future leaders, through experiential learning.
Secondary Benefit : Brings youthful enthusiasm into IAA. Builds ambassadors for IAA through a good experience.
Key Features : Provides graduates an IAA rotation to deliver practical insights on auditing, and holistic appreciation of core
activities of entity.
Program 2 : Guest auditors - for specific engagements
Design Aims : Draw guest auditors onto specific audits where their technical skills are needed.
Primary Benefit : Delivers subject matter experts from technical business areas to IAA to bring expertise to particular audit
engagements. Example: a Western Australian mining company utilised engineers to great effect.
Secondary Benefit : Runs for shorter duration than other programs, and is informal and less structured.
Key Features : Provides graduates an IAA rotation to deliver practical insights on auditing, and holistic appreciation of core
activities of entity.
Program 3 : Guest auditors - longer term secondments
Design Aims : Leverage expertise of business staff.
Primary Benefit : Drives audit improvement strategies through technical advice on audit planning, fieldwork or reporting.
Secondary Benefit : Brings in a free expert resource.
Key Features : Facilitates secondment of operational staff from business areas to IAA for defined periods (several weeks or months).
Program 4 : Middle management rotation program
Design Aims : Build capability of middle managers, whilst drawing business experience into IAA.
Primary Benefit : Helps management by giving high potential middle managers opportunity to learn first-hand
about entity-wide governance, risk and control arrangements.
Secondary Benefit : Facilitates two-way learning. IAA gains services of respected business people to work on audits.
Helps to build business acumen in auditors.
Key Features : Delivers longer term learning benefits for future executives through structured program; CAE partners with C-suite.
Delivering in-house programs
Program 1 : Alumni Network
Design Aims : Invite alumni to IAA events to provide insights on direction, planning and strategies of IAA.
Primary Benefit : Uses structured approach to leverage rich source of ideas, insights and perspectives that former
internal auditors have gained in their new roles.
Secondary Benefit : Achieves progress through sharing for professional counterparts.
Key Features : Provides basis for staying connected with experienced auditors who move into other parts of business or to other entities.

TO COMMENT on the article, EMAIL the author at bruce.turner@mail.com

Program 2 : Knowledge champions


Design Aims : Nurture mid-level audit staff to become knowledge champions.
Primary Benefit : Auditors develop expertise in assigned specific knowledge areas, such as emerging practices and issues; governance,
risk, control; or technical areas of entity. Example: tax collection agency CAE might assign indirect taxes, direct taxes,
client register etc.
Secondary Benefit : Provides CAE with timely information on contemporary trends and business issues, and be well-briefed for C-suite
and audit committee interactions.
Key Features : Reduces dependency on hiring terrain experts.
Program 3 : Mentoring
Design Aims : Achieve full potential of auditors.
Primary Benefit : Fosters professional relationships, where auditors have opportunity to collaborate and share insights
with experienced executives outside IAA.
Secondary Benefit : Provides forum offering constructive and frank advice to support auditors' career development.
Key Features : Offers cost-effective way of assisting auditors to acquire knowledge and skills to operate within challenging environment.
Sending auditors into the business
Program 1 : Frontline connections
Design Aims : Enable senior audit staff to spend time in field with operational staff.
Primary Benefit : Provides an opportunity for auditors to gain experience on the ground so they better comprehend frontline
activities and day-to-day challenges of entity.
Secondary Benefit : Provides job enrichment for participants so they remain sharp and objective.
Key Features : Enables auditors to spend half a day every month or quarter in the business shadowing frontline staff and completing
lower-risk operational tasks.
Program 2 : Secondments within the entity
Design Aims : Provide a short break from auditing to refresh key staff.
Primary Benefit : Refreshes knowledge of seasoned auditors across business operations, and enables them to
experience day-to-day operational pressures.
Secondary Benefit : Showcases to management the talent within IAA, and helps to further build IAA's professional profile.
Key Features : Facilitates targeted secondments within business areas.
Program 3 : Swap or secondment with another entity or service provider
Design Aims : Boost breadth of experience of high potential auditors.
Primary Benefit : Enables auditors to gain experience in another entity or service provider and bring fresh insights back to IAA.
Secondary Benefit : Reduces risk of auditors becoming stale and resigning, by enabling them to gain broader experience and build
their career path.
Key Features : Provides swap of high-potential auditors or secondments for pre-determined periods (say, three months) to achieve
defined experiential learning objectives; established through mutual agreement of CAEs.

Anticipated outcomes

"The best minute I spend is the one I invest in people." - Kenneth Blanchard

Well-structured professional development programs can help shape a legacy that goes beyond the outcomes traditionally expected of members of the internal audit profession. In particular:

The CAE creates a highly satisfying place to work, which helps to attract and retain excellent staff.

The value of internal audit is enhanced in the eyes of the entity's most senior executives (commonly called the C-suite) and the audit committee, through practical insights gained by drawing business-based expertise into more complex audits.

The IIA as a whole benefits by improving its intellectual capital and expertise; building on the overall talent at its disposal; and enhancing its credibility through technically strong outputs. Programs interfacing directly with the business have the added benefit of showing the human face of internal auditors.

Business specialists brought into the IAA benefit from the insights that they gain in respect to corporate governance, risk management and internal control; skills which they will need as they move into future senior leadership positions. They are also influenced to become ambassadors for internal audit.

Auditors placed into the business or involved in in-house programs gain job enrichment; build their skills; gain greater understanding of the business; and take steps to maximise their individual potential.

BRUCE TURNER, CGAP, CRMA, CFE, CISA, PFIIA, FFin, FIPA, MAICD, FAIM is an audit committee chairman in Australia and Chairman

JACQUELINE TURNER, B.L JS, GradCertFraudInv is a white collar crime analyst at a multi-national financial services institution in Australia

Quality Improvement

Auditee Feedback
Positive and Honest feedback adds to Audit Effectiveness
BY LALIT DUA

TO COMMENT on the article, EMAIL the author at lalitrdua@gmail.com

One of the important factors for an effective audit is auditee feedback, which has commonly been ignored and has not usually been part of professional discussions. This statement appears very simple and nice to read, but all internal auditors know how much effort it takes to get focused, positive and value-adding feedback from an auditee. Dealing with the behavior and responses of the auditee during this process is quite a challenge.

The auditee should recognize the fact that his enhanced performance, through the auditor's recommended corrective measures, will help in achieving his department's objectives. So establishing an honest understanding of the objectives of the audit and the respective roles of auditor and auditee should take place before the start of the audit process.

The Need for Feedback
Audit reviews can be a smooth journey if both auditor and auditee understand the objective and both of them work in coordination and participation with each other to achieve desired improvements. The auditor has to ensure transparency in review approaches, conduct and finalization of the audit. The auditee also has to support the review by demonstrating confidence in the auditor.

Feedback from auditees is a confirmation on the auditor's analysis of data, compilation of information, approaches of audit, observations made, acceptance of recommendations etc. The auditee is the one who can approve or reject the internal auditor's efforts, which should be done diligently and honestly. Even the auditee at higher levels of management will not accept the observations unless they have been accepted by the previous levels of management. Hence the auditee can even make or break the auditor's positivity of approach in the audit review.

The auditee's feedback should be specific to the issues/observations, timely and delivered in an appropriate way.

A. Specific to issues
Feedback is at its best when it relates to a specific observation, data analysis and audit query. The auditee feedback will be to the point and constructive if all the relevant details have been provided, as any gap will lead the auditor in an unwanted direction. Submitting an audit observation to the auditee like "Observed that exercise of identification of slow, non-moving and dead inventory items is not effectively conducted during the year" will not yield any tangible feedback unless it is specific, like "As per policy the exercise of identification of slow, non-moving and dead inventory is not being done quarterly and our exercise of identification of such inventory items resulted in 12 such items, the detail of which is in the attached statement."

B. Timeliness
The auditor is required to submit any detail or observation to the auditee well in time and for the period under review. Any undesired delay in feedback will lose its significance and may delay the process of audit. The sooner the auditor identifies the requirement of changing approach, working and source of information/data, the sooner they can correct the point involved and conclude the audit effectively.

C. Manner
Feedback should be given in a manner that will help to improve audit performance. Since people respond better to information presented in a positive way, feedback should also be expressed in a positive manner. It must be accurate, factual, and complete. Feedback is more effective when it reinforces what the auditor did right and/or wrong and then lets him judge what needs to be done during the course of the audit.

Frequency and Stages of feedback
The feedback from the auditee can be regular or as requested by the auditor. Regular feedback can be given as and when the auditor discusses processes, asks for records and data for review and queries the auditee about some observations. The auditee feedback is expected to be given with positive intent, as it would depict the auditee's desire for the auditor to add value.

Periodic feedback sessions are normal features of any audit review, where the details of issues to be discussed and feedback to be taken from the auditee are formally provided in advance. The feedback is documented and is either taken as the base for the next level of audit review or forms part of the report itself. With effective feedback, the auditor will be working in the right direction and will be more potent in the conduct of the audit.

A. Feedback in the opening meeting with auditee
The auditor has to explain to the auditee the objective, scope, tentative duration of review, and initial record and details required in the kick off meeting. The meeting will give the auditee an opportunity as well to raise questions and ask for clarifications, if any, from the auditor. At the end of the meeting, his clear understanding of the whole process of the review is a kind of feedback whereby he gives his concurrence and assures complete support.

B. During conduct of audit
While conducting audit reviews the auditor is applying different approaches and techniques of audit. He also makes verbal and written communication on issues involved in reviews. The responses, actions, reactions and behavior of the auditee to such activities are a kind of feedback to the auditor on how the audit review is being conducted. After having explained the scope and objective of the audit review in the kick off meeting, the auditor should ensure that the review is being conducted within the same scope, with positivity and without any intention to find mistakes, errors, frauds etc. The moment the auditee gets any sense of negativity in what the auditor is doing, the auditee will withdraw himself and will tend to feed or provide whatever has been asked without any positive participation. The end result will be extra efforts by the auditor, not enough confidence in whatever is being done and non-participation of the auditee in the process of improvement.

C. In the closing meetings
The feedback requirement in the closing meeting should not come as a surprise. It is better to raise issues as they arise in the course of an audit, having a constructive discussion on the spot as and when required. The closing meetings are done at various stages and with various auditees during the course of finalizing audits. Since these closing meetings are done at the levels of the concerned auditee, department and functional heads, the types of feedback at each of these levels will differ in content and style. The process of getting feedback in the closing meetings will be smoother if the auditor has been transparent in his approach and conduct during the course of the audit.

Overall feedback
Though an auditor is getting feedback at different stages and from different levels of auditees and management staff on specific areas of audit, the practice of getting an overall audit feedback has been formalized in many organisations. The criteria on which overall performance of audit is to be evaluated are many and in use. It is the maturity of the organisation and the role of the auditor it has foreseen which define the list of criteria for feedback. An organisation may even require the auditor to rate different auditees also on defined criteria.

The overall feedback on different aspects of the audit sets a benchmark or highlights the gaps in performance acceptance of management from audit department.

Conclusion
Auditee feedback on different aspects of the audit sets a benchmark or highlights the gaps in performance acceptance of management from audit department. Each audit observation has to be taken up in its right perspective, without overdoing and misinterpretation. An auditee expects to be given the opportunity to give their perspective, a process that helps to gain their commitment, so the auditor should welcome feedback. Adopting and implementing a collaborative approach to feedback, and highlighting the ultimate aim of the audit to support auditees in order to improve organizational performance, will provide solid foundations for a positive experience for all concerned.

LALIT DUA, CA is head of internal audit at

Audit Management

Board & C-Suite Driven Assurance: The Dawn of a New Era
BY TIM J. LEECH

Many years ago I wrote a seminal article titled "Control & Risk Self-Assessment: The Dawn of a New Era in Corporate Governance". That article, and the ideas in it, played a significant role launching my first company in 1991, and had a significant impact on the profession globally. Almost 25 years later this article describes recent developments and forces that will almost certainly see the onset of an even more profound and significant transformation, truly the dawn of a new era in internal auditing.

Traditional/Historical Internal Auditing

I joined the profession as an internal auditor in the summer of 1981. Since that time the profession has evolved and advanced in many positive ways, but continues to be bound by some fundamental and confining paradigms. The paradigms include:

1. Internal auditors plan, execute, and report results of point-in-time audits.
2. Internal auditors assess internal controls and report opinions on whether they believe controls are effective.
3. Internal auditors report what they believe to be control deficiencies, material weaknesses, significant deficiencies or opportunities for improvement.
4. Direct report auditing is the primary approach used globally. In a direct report engagement the auditor evaluates the subject matter for which the accountable party is responsible. The accountable party does not make a written assertion on the subject matter they are responsible for.
5. The profession has been primarily supply driven not demand driven.
6. Internal audit does not usually know, or require that management and boards define, the type and amounts of risk the company and its board are prepared to accept.
7. A majority of internal audit departments have not, for a variety of


reasons, assessed and reported on risks to the organization's top strategic/value creation objectives, or the effectiveness of the entity's entire risk management framework.

The traditional/historical direct report approach to internal auditing described above is now under attack. Evidence collected globally in 2014 indicates dramatic drops in internal audit customer satisfaction. (IIA Pulse on the Profession, Enhancing Value Through Collaboration: A Call to Action, IIA AEC, July 2014.)

Key Developments Globally

Board responsibility to oversee management's risk appetite and tolerance significantly elevated - Following the 2008 global financial crisis, commissions were convened around the world to try and understand what had gone wrong and prevent similar destabilizing events in the future. A unanimous conclusion was that boards of directors and, to a lesser degree, regulators, had not adequately discharged their duty to oversee what is increasingly being called management's risk appetite and tolerance.

Creation of the world's first preeminent regulator guidance body, Financial Stability Board (FSB) - Shortly after the onset of the global financial crisis a decision was made to create a new super regulatory power, the Financial Stability Board (FSB). This organization, currently chaired by Mark Carney, Governor of the Bank of England, with representation from governments and financial sector and securities regulators from around the world, has, with unprecedented speed, formulated and disseminated what is most aptly termed "paradigm shift" guidance with an overarching, albeit unstated, goal of reengineering corporate governance globally. One of the FSB's most significant contributions to date is a November 2013 guide for national regulators, companies, and auditors titled Principles for an Effective Risk Appetite Framework. The authors of the FSB guidance took the bold step of defining new and bold mandates for management, boards of directors and, most significantly for readers of this article, internal auditors. Details of the new role envisioned for internal auditors are shown in the box below. The FSB is, in essence, calling on internal audit to transition from providing spot-in-time, direct report, subjective opinions on control effectiveness on a small percentage of an entity's risk universe, to reporting on the reliability and effectiveness of an organization's entire RAF, including, but not limited to, reporting on the reliability of risk status reports provided to the organization's board of directors by senior management.

4.6 Internal audit (or other independent assessor) should:
a) Routinely include assessments of the RAF on an institution-wide basis as well as on an individual business line and legal entity basis;
b) Identify whether breaches in risk limits are being appropriately identified, escalated and reported, and report on the implementation of the RAF to the board and senior management as appropriate;
c) Independently assess periodically the design and effectiveness of the RAF and its alignment with supervisory expectations;
d) Assess the effectiveness of the implementation of the RAF, including linkage to organisational culture, as well as strategic and business planning, compensation, and decision-making processes;
e) Assess the design and effectiveness of risk measurement techniques and MIS used to monitor the institution's risk profile in relation to its risk appetite;
f) Report any material deficiencies in the RAF and on alignment (or otherwise) of risk appetite and risk profile with risk culture to the board and senior management in a timely manner; and
g) Evaluate the need to supplement its own independent assessment with expertise from third parties to provide a comprehensive independent view of the effectiveness of the RAF.
Source: Financial Stability Board, Principles for an Effective Risk Appetite Framework, November 18 2013.

Codification of board responsibility to oversee management's risk appetite and tolerance - In parallel with the FSB, regulators around the world have started to enact regulations that reflect key FSB recommendations, particularly the need to assign primary responsibility for risk management and reporting to management; and risk appetite/tolerance oversight to boards of directors. One of the most graphic illustrations is the new UK Governance Code issued in September 2014. It positions responsibility for risk oversight squarely with boards of directors; calls on management to design, implement and maintain effective risk governance frameworks; and calls on boards to seek independent assurance that management has, in fact, designed, implemented, and maintained effective risk governance frameworks. It is expected other major countries that want to improve the integrity of their capital markets will follow



the UK's lead.

Internal audit customer satisfaction plummets as these regulator driven developments gain traction globally - A summary of customer satisfaction surveys done by 3 major consulting firms and the Institute of Internal Auditors was reported in the July 2014 IIA Pulse on the Profession Report referenced earlier. The report paints a graphic picture of a significant and very recent decline in board and senior management satisfaction with traditional/historical direct report internal audit services.

What This Means to the Internal Audit Profession Going Forward

Need to Transition from Direct Report/Spot-in-Time Auditing to Attestation Reporting on Management Representations on Risk Framework Effectiveness and Risk Status - The FSB has defined roles for the board, senior management, and internal audit that call for a fundamental accountability shift - a shift that requires management to continuously assess and report upward on risk status, and for internal audit to assess and report opinions to the board on how well management is discharging their assigned risk governance responsibilities. This new paradigm requires radical and fundamental shifts in existing IIA certification curriculum and training offerings. IIA IPPF professional practice standard 2120 was modified in 2010 specifically to provide support for the shift, and the Certification in Risk Management Assurance (CRMA) launched globally. Internal audit departments will need to evolve from the business of performing traditional spot-in-time direct report audits and providing subjective opinions on control effectiveness on a small percentage of the risk universe and, instead, focus substantially more resources on providing assurance to boards that senior management is creating and maintaining effective risk management and reporting frameworks.

Educate Boards of Directors on Evolving Expectations - These expectations are likely to evolve at varying speeds and intensity in different countries. Not all senior management and board members have been actively following the evolution of these new expectations, and not all national regulators have codified risk governance expectations with the clarity and simplicity of the September 2014 UK Governance Code to spur the needed transition. It is also important to note that not all CEOs and CFOs are likely to welcome direct responsibility for creating and maintaining effective risk appetite frameworks and providing formal and candid reports on residual/retained risk status to their boards.

Look for Opportunities to Gain the New Knowledge and Skills Required - If internal auditors are to accept and assume the type of responsibilities defined by the FSB earlier in this article, they must retool their knowledge and skills. Instead of the traditional internal audit focus on providing subjective opinions on control effectiveness, internal auditors now need to acquire the knowledge and skills to assess and report on the reliability of management's risk appetite frameworks, including management's reports to the board on retained/residual risk status. This means learning the type of vocabulary defined by the FSB in its Principles for an Effective Risk Appetite Framework guidance and the globally accepted ISO 31000 and ISO Guide 73, and gaining the knowledge and skills necessary to identify the full range of risks, risk treatments, and a picture of residual risk status, not the much narrower assessment of traditional internal controls internal audit has historically focused on. More importantly, internal auditors need to continuously assess and report on whether the current residual risk status related to key strategic and foundation objectives is currently within the board and senior management's risk appetite and tolerance.

Closing Remark - Recognize that aversion to change is a human condition - This short article outlines events and drivers that call for radical and quantum change in the current internal audit paradigm. A natural human trait is to resist radical change and favour smaller and more incremental steps. The dramatic drops in customer satisfaction statistics described in the IIA July 2014 Pulse on the Profession report have led to the IIA literally issuing "A CALL TO ACTION" to internal auditors around the globe. Addressing rapidly evolving and escalating customer and regulatory expectations will require the profession globally to make rapid and radical changes if it is to ensure it remains fully relevant to key customers in the years to come. There is a well-known adage that states necessity is the mother of invention. The need for radical and rapid change in the traditional internal audit delivery model is real. It's time the internal audit profession literally reinvent itself to meet the needs of key customers - particularly boards of directors. No small task to be sure, but a job that absolutely needs to be done. Best wishes for success as the profession decides whether it welcomes, or resists, the dawn of a new era in internal auditing.

Tim J. Leech CIA CCSA CRSA FCPA is Managing Director Global Services at Risk Oversight in Canada and is recognized globally as a thought leader and advisor in the risk and assurance field.

TO COMMENT on the article, EMAIL the author at tim.leech@riskoversight.ca

Fraud

BY ROBIN SINGH

Inside the Mind of a Fraudster
Identifying potential suspects based on the profile
of a fraudster is not a straightforward task.

For as long as white-collar crime fraudsters have been a common occurrence throughout multiple industries, specialists have wondered aloud whether or not it is possible to properly develop a profile that allows organisations to accurately identify fraudsters while the fraud is happening, or in some cases beforehand. Of course, predicting crime before it actually happens is a concept best left to science fiction novels and movies at the moment, but what if there were some easily identifiable warning signs of potential fraudsters?

General Attributes

While any individual could potentially conduct fraudulent actions, there does seem to be some basic elements that make an individual more likely to take part in fraud. According to a study by KPMG [1], the typical fraudster displays the following attributes:

- Is between the ages of 36 and 45. More than 70% of fraudsters fall into this age group.
- Acts with little regard for the organisations which they work for.
- Is employed in a position that gives them power over important organisational processes including executives, finance, operations and marketing.
- Has been with the organisation for six years, or long enough to know the internal processes of the company.
- Acts with others in committing fraud. According to KPMG's study, more than 61% of individuals that committed fraud did so with the help of at least one other individual.

Personality

Another compelling fact which the KPMG study brought forward was that a large percentage of fraudsters were extroverted (33%), friendly (35%) and highly respected (39%). These personality traits do not seem to be indicators of someone who is prone to fraud, but when combined with traits like greed and desire for personal gain [1], one can then get a clearer picture of the personality of these individuals.

Studies have proven that these are people who are either malignant narcissists, or suffer from Narcissistic Personality Disorder (NPD), which is defined as an enduring pattern of inner experience and behavior that deviates markedly from the expectation of the individual's culture, is pervasive and inflexible, has an onset in adolescence or early adulthood, is stable over time, and leads to distress or impairment. Because these disorders are chronic and pervasive, they can lead to serious impairments in daily life and functioning.

Actually, to really go inside the mind of a fraudster, one needs to understand the traits of a person suffering from NPD:

- Have an inflated sense of their own importance; believes that he or she is special and can only be understood by high status people.
- Have a deep need for admiration for themselves; a sense of superiority.
- Believe that they're superior to others.
- Constantly bending the rules for himself although outwardly criticising others for similar behavior.
- Have little regard for other people's feelings.
- Be intolerant of anything perceived as less than a perfect performance.
- Exaggerate their own achievements or talents.
- Expecting others to go along with your ideas and plans.
- Taking advantage of others.
- Trouble keeping healthy relationships.
- Be envious of others and / or believes that others are envious of him or her.

To add to the above, the Association of Certified Fraud Examiners (ACFE) mentions in its 2014 report that the financial losses resulting from fraud committed by Owners/Executives at companies were at least 3 times larger than the losses resulting from fraud committed by managers or employees. Similarly, the ACFE study showed that the longer a fraudster had worked for a company, the more financial harm he or she caused. This supports the conclusion that big game players are the ones who are at the top of the corporate pyramid.



"There is a strong correlation between the fraudster's level of authority and the losses resulting from the fraud" - ACFE 2014 Report to the Nations

But a good investigator / interviewer would be able to identify that behind this mask of ultra-confidence lies a person with fragile self-esteem and vulnerability to the slightest criticism / comment made against them in a negative manner. Additionally, an investigator will need to be good at profiling since the majority of fraudsters would have never been punished and would not have criminal records!

Try and imagine people like Jeffrey Skilling, Enron Corp.'s former chief executive, who carried a tremendous pride that he could do anything under the sun, such as build an idealistic concept of energy trading, and explored Mark to Market accounting which could show people that they can bill for future profits right now, and everyone, even the authorities, bought into that concept. The whole office used to look up to him.

Think of people like in the Wolf of Wall Street, Jordan Belfort, who could sell penny stocks better than Apple, Intel etc. The whole office admired him. They all had an attractive, role model personality, etc.

The list can go on and on and includes Ponzi Scheme perpetrators such as Scott Rothstein and Bernard Madoff as well as accounting fraudsters such as Ramalinga Raju (formerly of Satyam Computer Services) and so forth.

Behavior

There are certain behaviors which fraudsters exhibit. These behaviors can serve as tell-tale signs that an individual may be committing fraud. From my experience, the most common behavioral red flag displayed by fraudsters is living beyond his or her means. In the Middle East, the question asked is "Where did you get this from?" This alludes to how an individual can afford to purchase something which is clearly above his financial abilities. ACFE's [3] top 3 behavioral red flags displayed by fraudsters are shown in the table below:

Behavioral Red Flags Displayed                        Perpetrators
Living Beyond Means                                   43.8%
Financial Difficulties                                33%
Unusually Close Association with Vendor/Customer      21.8%

On another note, experience also shows that individuals that committed fraud did so with the help of at least one other individual. What do you think the other person would be like? Generally the other partner is a submissive one, who would generally take instructions from the dominant partner. Since the dominant partner might want to remain in control, they should avoid choosing the person of equal stature because they would have to share their loot equally with other partners. If an investigator cracks the weaker link, the whole case would unravel like a blossoming sunflower.

Individuals exhibiting the aforementioned behaviors must be critically examined. Quantitative tools must be especially keen, and third-party verification like a psychometric test can be a good component of this analysis.

Drawbacks of Profiling

Even though a large portion of fraudsters meet the previously mentioned guidelines of your typical fraudster, it can be very difficult to implement fair policies that target individuals that fit that profile without causing some unrest within the company.

Naturally, management positions should be afforded some type of oversight in order to limit the chances of fraud. However, placing increased oversight on a specific group of individuals can seem like unfair targeting to employees and can cause issues. In some cases the improper implementation of fraud mitigation strategies can open a company up to potential lawsuits. Lawyers and industry professionals should be consulted before implementing strategies based on profiles of fraudsters.

Conclusion

While it is definitely possible to create a basic profile for fraudsters, it is important to remember that this profile constantly changes as technology adapts and new avenues of fraud become available. Mitigating the risk of fraud is an important consideration for any business, and utilising data has become a large part of the equation for many.

References:
1. Global Profiles of a Fraudster, KPMG International, 2013.
2. Diagnostic and Statistical Manual of Mental Disorders (DSM-5), American Psychiatric Association, 2013.
3. ACFE's 2014 Report to Nations on Occupational Fraud and Abuse.

ROBIN SINGH, MBA, MIT, CFE, CFAP is Senior Ethics / Fraud Control Officer at Abu Dhabi Health Services Company (SEHA).

TO COMMENT on the article, EMAIL the author at drobinsingh@gmail.com



Risk Management
BY KETAN BHOOLA

Project Controls: More than just a box ticking exercise
In my previous life as a site architect working on the design and build of a mega shopping center, I vividly recall a cold winter's morning, standing on site with the team that included "the finance guy", as we called him. He was understandably worried because he had to deliver a difficult message to the project team. The message? The project had run out of cash. The project manager was infuriated but all he could do was throw his hands in the air and walk off the site. Someone in our team said sarcastically, "so much for our project controls!"

What exactly are project controls? What do they do and why are they so important? In fact, in my experience, I have found that if you were to ask many people that question, you may be met with a few puzzled stares. However, the truth of the matter is that project controls are probably the most important element of any successful capital project delivery.

Project controls have much to do with monitoring all the metrics of a project. This can include quantities, time, cost, cash flows, risk reporting, etc. The simple definition in my book is that project controls are all the actions you would take to ensure that your project is delivered on time, on budget and in accordance with the project's design specifications. This of course means that project controls cover the entire life cycle of the project - from its initiation, to the planning, execution, monitoring and control and even at the project closeout phase.

Based on my experience, as an advisory partner to many leading developers in the region, I have summarized below what project controls we would expect to see in place on capital projects. This summary is by no means all inclusive, but will go a long way towards delivering a project successfully.

1. Stage gate approvals
As the project moves through the lifecycle from initiation, planning, executing, monitoring and control to close-out, we would expect to see formal sign-off from senior management and the key stakeholders. These stage gate approvals do not allow the project to proceed without the required formal documented approvals in place.

2. Policies and procedures
We have seen the use of detailed policies and procedures leading to improved project delivery functionality, from pre-development through to handover, leading to better decision-making, greater accuracy of forecasted spend and the capability to deliver on budget, thus limiting cost overruns. In essence, defining all the actions needed to be taken in a detailed policies and procedures document provides guidance to your team, makes their tasks predictable and ultimately, limits surprises.

3. RACI matrix
A Responsible, Accountable, Communicated and Informed (RACI) matrix describes the level of participation by the various roles in completing tasks and the project. This simple yet effective tool can be very useful in clarifying roles and responsibilities across the various departments/functions within the team.

4. Delegation of authority matrix
In most cases, we have observed the incorrect use of a delegation of authority matrix. Entities have moved to extreme cases where either too much or too little authority has been placed on the project team. The net effect allows variations to be carried out outside the mandate of the delegated authorities. In many of these cases we have also observed the use of retrospective approvals being obtained when the Variation Order is prepared. Having key personnel with the adequate level of authority and accountability is key to project delivery.

5. Project reporting
Daily, weekly and monthly reporting can provide a good mechanism to ensure projects are being accurately reported on. A report produced for the sake of reporting is meaningless. Below are examples of good practices that should be considered:

5.1 Forecasting and variance analysis
Monthly forecasting and variance analysis is essential to project reporting. The use of variance analysis on actual versus budget and forecasted cost data provides the "where did we plan to be, where are we now and what is the expected final cost of the project".

5.2 KPI and project specific KPIs
The project team should meet with senior management and the board at the start and during the project to develop, track



and enhance the KPIs. This is the perfect opportunity to ensure all stakeholders are aligned, and the required KPIs are in place. We recently reviewed the monthly reporting of a leading contractor and observed that the contractor did not report on "Paid to date". The project team did not feel it was their responsibility to report on this metric as they felt that it was up to the finance team to report on payment related issues. We challenged the Board of Directors and senior management on the lack of input from other departments including finance and procurement departments in the monthly reports. We stressed the importance of including finance and procurement KPIs in the monthly reporting. This would also ensure they are measured accurately and in line with the needs of the business.

5.3 Absence of Early Warning Notices (EWNs)
This is essentially management looking out for anything on the horizon that would affect the delivery of the project. We work closely with senior management and the project team to develop and identify EWNs, so that problems are avoided and projects are successful in delivering the expected value for their owners and other stakeholders.

5.4 Work-in-progress (WIP) management
A recent client had completed his mega project and was happy that his project was delivered on time. While the project was slightly over budget, he believed that he had successfully delivered the project. In the months that followed, to his horror, he became aware of the fact that over 20% of the project value was still work in progress and had not been certified and accounted for before. To his disappointment, he began to realize his accruals and WIP management system was almost non-existent.

5.5 Earned value or value of work done
Like WIP management, the value of work done and earned value methodology needs to be closely monitored. The project team and consultants should be able to demonstrate a robust methodology to measure and communicate the real physical progress of a project taking into account the work completed, the time taken and the costs incurred to complete that work. If done correctly it should allow for effective management decision-making, which helps evaluate and control project risk.

Senior Management needs to have accurate project information, one version of the truth, to make informed decisions.

5.6 Risk management function
In our experience, we have seen a worrying trend where we find no evidence to support the fact that our clients identify risks, prioritize them, establish mitigating strategies to deal with these risks and then monitor the effectiveness of these strategies. In other words, we cannot effectively say that the majority of our clients have a robust risk management culture in their organization.

While the previous metrics may seem daunting to a project control office that is still in its infancy, it is important to realize that the aim of these is to provide useful information to management so that a project may be delivered successfully. Most organizations are encouraged to use metrics that work for them. For example, during the course of our advisory work, we have assisted leading clients with the development and use of a one-page project dashboard report. This one-pager would ideally be provided to executive management to help them provide the correct oversight on projects. In hindsight, it would have also helped our little shopping center back in the day!

Project Critical Success Factors

Top 3 critical success factors for Clients in projects:
1. Certainty of Cost
2. Qualified Staff
3. Return on Investment

Top 3 critical success factors for Contractors in projects:
1. Qualified Staff
2. Compliance with Specifications
3. Profitability

Source: Deloitte Survey at Arabian World Construction Summit 2014

KETAN BHOOLA, B.ARCH, MRICS, is an Assistant Director at Deloitte Corporate Finance Ltd.'s Infrastructure & Capital Projects division.

TO COMMENT on the article, EMAIL the author at kbhoola@deloitte.com
