+ All Categories
Home > Documents > UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE...

UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE...

Date post: 06-Feb-2020
Category:
Upload: others
View: 10 times
Download: 0 times
Share this document with a friend
32
Transcript
Page 1: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS
Page 2: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS
Page 3: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

INTERNAL AUDITOR - MIDDLE EAST 1 JUNE 2014

Strong Results So FarDear Readers,

I am pleased to announce that the launch of “Internal Auditor – Middle East” during the last quarter has delighted members of the UAE Internal Audit Association (UAE-IAA). Similarly, members of the global leadership of the Institute of Internal Auditors, who were in Dubai at the time, were pleasantly surprised with the quality of our magazine! Our thanks goes out to the Editorial Advisory Committee who put this together purely on a voluntary basis. We hope to achieve the magazine’s vision of becoming the region’s leader for governance, risk management and control insights.

The IIA’s global leadership was in Dubai to attend the first ever Global Council to be held in the region. We had the largest ever attendance since the inception of the Global Council and representation from 82 countries including the World Federation, South East Asia, Europe and South America. During the sessions, we learned that from the first quarter of 2014, the membership of the IIA grew to over 180,000 worldwide, with the majority being Certified Internal Auditors.

Whilst on discussion of Internal Audit globally, I would like to draw to your attention to the fact that the IIA’s International Conference for 2014 is scheduled to be held in London from 6 – 9 July 2014.

Back to base, the UAE-IAA held a breakfast for CAEs to discuss future plans of the Association and the UAE National training program pilot in Abu Dhabi and in Dubai. Also discussed was the 4th CAE conference to be held in Abu Dhabi on 16 and 17 November 2014.

Finally, we owe our success to our strategic partners, members and volunteers who helped us to grow from strength to strength. As there is always room for further growth, I request that more volunteers actively support our cause in areas such as sponsorships for events, attendance of our seminars, trainings and conferences, writing articles for our magazine and any areas which will benefit the profession and enhance our activities.

I wish you all a comfortable and pleasant summer ahead.

Sincerely,

Abdulqader Obaid AliPresident

From The President

Page 4: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

Annual Chief Audit Executive Conference

Annual Chief Audit Executive Conference

th

Venue: Jumeirah Etihad Towers, Abu Dhabi, United Arab EmiratesDate: 16 & 17 November 2014Conference Registration Email: [email protected]

For Hotel Reservations Email Mohamed Daanish at [email protected]

Register Now! Register Now!

A Fully Interactive Conference: The conference is designed as a fully interactive round-table aiming to provide each CAE the ability to share his/her own expertise with the entire audience.

Learn and Network with the Middle East’s Internal Audit Leaders.

Page 5: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

INTERNAL AUDITOR - MIDDLE EAST 3 JUNE 2014

I N T E R N A L A U D I T O RM I D D L E E A S T JUNE 2014 WWW.INTERNALAUDITOR.ME

F E A T U R E S

D E P A R T M E N T S

14 COVER STORY: Climbing to the Top Internal auditors must evolve as the business evolves; this is the most important lesson to be learned from ENOC’s internal audit department. BY FARAH ARAJ

18 The Increasing Impor-tance of Anti-Corruption ProgramsIncreasing regulation and expansion into new mar-kets means that companies need robust anti-corruption programs. BY PAWAN HEGDE

4 Reader Feedback

5 Knowledge Update Public Sector Internal Audit; PwC’s Internal Audit Survey; Anti-Corruption; Priorities for Internal Audit; COSO & COBIT 5. BY VISHAL THAKKAR

8 UAE-IAA Events

10 Governance Perspectives Good governance leads to good management in the public sector. BY RAMI WADIE

12 Conversations with Colleagues Mona Hussain talks about the role of Emarati women in the internal audit profession. BY MEENAKSHI RAZDAN

24 Social Business Risks The use of social media for businesses is a necessity in today’s business environment but companies need to be aware of the associated risks. BY PETER STEWARD

28 Fraud Risk How to avoid common mistakes during fraud investigations. BY ROBIN SINGH

30 Fostering Fundamentals An external assessment is an essential step to building a world class internal audit function. BY UMAIR KADIR

22 Adding Value from a Private Equity Perspective Internal auditors can break traditional roles and addvalue during both the pre-acquisition andpost-acquisitions phases. BY ANUP KULKARNI

Annual Chief Audit Executive Conference

Annual Chief Audit Executive Conference

th

Venue: Jumeirah Etihad Towers, Abu Dhabi, United Arab EmiratesDate: 16 & 17 November 2014Conference Registration Email: [email protected]

For Hotel Reservations Email Mohamed Daanish at [email protected]

Register Now! Register Now!

A Fully Interactive Conference: The conference is designed as a fully interactive round-table aiming to provide each CAE the ability to share his/her own expertise with the entire audience.

Learn and Network with the Middle East’s Internal Audit Leaders.

Page 6: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

JUNE 20144 INTERNAL AUDITOR - MIDDLE EAST

U A E I N T E R N A L AU D I T A S S O C I AT I O N

B O A R D O F G O V E R N O R SAhmed A l Ansar i ; Kha l id A l Ha l yan ; Mohamed A l Har th i , MBA, CRMA; Abdu lqader Oba id A l i , CRMA, CFE; Naseeba A l ra i s , MSC; Ayesha B in Loo tah , MBA; Nae ima Mohammed A l Menha l i , MSC, CRMA; A l i A l Muwa i je i MAFB, MFA,CRMA, CT31000; Nah la A l Qass imi , Ph .D. , CRMA, CCP, CCA

E X E C U T I V E C O M M I T T E ERaza Abdu l la ; Abdu l rahman A l Hareb ; Ar indam De, MBA, CFA; Kar l Hendr icks , C IA , CCSA, CQA; Rus tom S. K re id l y, CPA, CRMA; Karem Obe id Fad i S idan i , CPA, MS; Rab i Yousse f , CPA; Adnan Za id i , CRMA, ACA, MBA, CCSA, C IA , CFE, C IPFA

G E N E R A L M A N AG E RSamia A l Yousu f

T E A MThaer Abdu l razek ; A isha Akhta r ; Yasmine Abd E l Az i z ; Lo rna Mungka l ; Yousse f Musta fa ; A i l een Pe lag io

Reader Feedback

I N T E R N A L A U D I T O RM I D D L E E A S T

UAE Internal Audit Associationan IIA Global affi l iate

We want your views on the articles and the magazine! Share your thoughts and feedback with us via email at [email protected]

P R E S I D E N TAbdu lqader Oba id A l i

E D I T O RFarah Ara j (Ac t ing )

E D I T O R I A L A D V I S O R Y C O M M I T T E E Fa rah Ara j , CPA, C IA , CFE; Ma jed Bukhashem; Andrew Cox , MBA, MEC, CF I IA , C IA , C ISA, CFE, CGAP, MRMIA; Raymond He laye l , CPA, C IA ; Meenaksh i Razdan, CA, CPA C IA , CFE; Hossam Samy, CRMA, CFE, CPA, CGA; Nagesh Sur yanarayana , MBA, C IA ,CCSA; James Tebbs , CA; V isha l Thakkar, ACA, C IA ; I ssam Zagh lou l , MSc, C ISA, C ISSP, CGE IT

A R A B I C R E V I E W T E A MAyman Abde l rah im, MQM, C IA , CCSA, CFE; Wa leed Swe imeh

JUNE 2014VOLUME 2014: 2

C O N TAC T I N F O R M AT I O N

A D V E R T I S I N G & A D M I N I S T R AT I O NYasmine Abd E l Az i z yasmeen@i iauae .o rg Te l : +971 4 433 9082

E D I T O R I A L Farah Ara j ed i to r@in te rna laud i to r.meTe l : +971 50 850 1780

D E S I G N & P R I N T I N G Gi r i sh MehtaAdventure G loba l g i r i sh@adventure-g loba l .comTe l : + 971 4 393 7696

A R A B I C T R A N S L AT I O N & L AYO U THossam Sami rE laph Trans la t ion hossam@elapht rans la t ion .comTe l : +971 4 331 0332

G U I D E L I N E S F O R AU T H O R Swww. in te rna laud i to r.me

D I S C L A I M E R SI n te rna l Aud i to r – Midd le Eas t i s in tended on l y f o r members o f the Ins t i tu te o f In te rna l Aud i to rs in the Midd le Eas t and as such i t i s no t in tended to be so ld o r re-so ld by any par t y.

The v iews expressed in I n te rna l Aud i to r – Midd le Eas t are so le l y those o f the au thors , and do no t necessar i l y represen t the v iews o f the UAE- IAA o r the au thors ’ respec t i ve employers .

I n te rna l Aud i to r – Midd le Eas t i s a peer- rev iewed magaz ine and does no t ve r i f y the o r ig ina l i t y o f the con ten t submi t ted by the au thors .

I n te rna l Aud i to r – Midd le Eas t i s pub l i shed quar te r l y by the UAE In te rna l Aud i t Assoc ia t ion (UAE- IAA) , 8 th F loo r, Bu i ld ing 4 , The Ga l le r ies , Downtown Jebe l A l i , Duba i , P.O. Box 90919, Un i ted Arab Emi ra tes

C O M P L I M E N TA R Y T R A N S L AT I O N P R O V I D E D B Y:

Auditors Must Continue to EvolveThe article Scoring Goals (March 2014) was an interesting read. Given the pace and magnitude of global change, new risks may emerge overnight and consequently the role of internal auditors in a dynamic organisation will continue to expand. As the role of internal audit evolves, the skills and attributes of an internal audit function that determine professional success transform. This shift is evident from my experience of working as a consultant in internal audit practise.

We are sought as first source of advice which requires us to continuously re-position ourselves to effectively contribute to the enhancement of business processes and outcomes through continuously revisiting our audit coverage areas. In my opinion, this article provides valuable insights as to how internal audit functions can provide valuable contribution and have an outstanding impact on an organisation in changing business landscape simply by working on the ABC strategies outlined – being Attuned, Balanced and Credible. I would love to contribute to the ABC strategy for my client and re –engineer our processes to meet the demanding needs of the Audit Committee and the senior management. I believe this approach also helps create challenging work environment that provides better job satisfaction and career opportunities.

Zainab ShafiDubai

Handshakes The article Arabic Coffee (March 2014) immediately grabbed my attention. I believe the article does a good job in summarizing the habits and traditions of Arab communities in the Middle East which may help in finding common ground between internal auditors and

other parties. Further, I would like to emphasize how important it is for people to stand up when shaking hands, as the handshake gives the first impression and standing up while shaking hands is a must in Arab culture.

Gabi Al Far, CPA, CIAAbu Dhabi

Use Experts for Evidence CollectionThe article on Digital Forensics (March 2014) was extremely insightful. The explanation of the practical approaches and uses of digital forensics managed to shed light on an aspect of forensic accounting which is relatively new in the Middle East.

The fact that the article also explained that specialist software is required to back up data, especially with respect to court related matters, was also extremely helpful. Conventional back up methods may not meet the requirements for being admissible in courts and thus it is imperative that the correct forensic imaging tools are utilised.

Ismail Hussain PwC, Doha

MARCH 2014 WWW.INTERNALAUDITOR.ME

A veteran chief audit executive shares his game-plan for adding value and meeting stakeholder needs

SCORING GOALS…

I N T E R N A L A U D I T O RM I D D L E E A S T

I N S I G H T S O N G O V E R N A N C E , R I S K M A N A G E M E N T A N D C O N T R O L

A Rigid Approach to Internal Audit Independence May Destroy Value

The Need for Enterprise Risk Management in the Public Sector

Companies in the Gulf States are Protecting Themselves From Fraud

Page 7: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

INTERNAL AUDITOR - MIDDLE EAST 5 JUNE 2014

In the Arab world, only

of fraud incidents were detected by Internal Audit

Source: PwC’s Economic Crime in the Arab World

http://www.pwc.com/m1/en/publications/gecs2014reportme.pdf

Knowledge Update

88% say that Anti-Money

Laundering is a priority for senior

management

84% stated that regulatory

changes were a significant challenge to their

operations

Source: KPMG’s Global Anti-Money Laundering Survey 2014

http://www.kpmg.com/Global/en/IssuesAndInsights/ArticlesPublications/global-anti-money-laundering-survey/

Documents/global-anti-money-laundering-survey-v5.pdf

BY V ISHAL THAKKAR

5%

Survey by Protiviti Discusses the Top Priorities for Internal Auditors Internal auditors who are proactive are in great demand accordingly to Protiviti’s 2014 Internal Audit Capabilities and Needs Survey. Internal audit functions should anticipate and respond to new challenges arising from emerging technologies, new auditing requirements and evolving business conditions. The key findings from the survey are as follows:

• Socialmediaisamajorareaofconcernforinternalauditorsalongwithrisks associated with mobile applications and cloud computing.• InternalauditorsplantoenhancetheirknowledgeofCAAT’sandcontinuousauditing and monitoring techniques. • Duetoincreaseinautomationofbusinessenvironments,internalauditorsare directing fraud management efforts towards technology. • NewregulationandstandardssuchastheCOSOframework,IIAstandardsandUS Cyber security guidelines are impacting the work of internal auditors. • Presentationskillsandnegotiationsskillsarethetopsoftskillsthatinternalauditors need to improve on.

http://www.protiviti.com/en-US/Documents/Surveys/2014-Internal-Audit-Capabilities-and-Needs-Survey-Protiviti.pdf

PwC’s 2014 State of the Internal Audit Profession StudyBuilding a world-class internal audit function which is responsive to growing stakeholder expectations and an expanding risk universe is a matter of deliberate design and planning. This is one of the findings of PwC’s 2014 State of the Internal Audit Profession Study. The study, which is in its 10th year, reflects the views of close to 2,000 chief audit executives from around the world. These Chief Audit Executives provided insight on the performance of internal audit and how they are increasing the value they provide to their companies. The survey’s results suggest that internal audit can deliver the most value when it aligns its skills and capabilities to stakeholder expectations. The results also showed that when the expectations of internal audit’s various stakeholders are aligned, the function performs well and is seen as providing significant value, irrespective of the level at which it is expected to deliver i.e. trusted advisor, assurance provider or somewhere in between. However, internal auditors who were trusted advisors were perceived to provide more value than internal auditors who were solely assurance providers. Additionally, internal audit function at every level should always look to add value by expanding their capabilities in emerging areas such as data analytics, leveraging greater subjectmatterexpertiseandenteringintoemergingriskspacessuchascompliance,ITsecurity, geographic or product expansion and new acquisitions.

http://www.pwc.com/en_US/us/risk-assurance-services/publications/assets/pwc-state-of-the-internal-audit-profession-2014.pdf

Page 8: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

JUNE 20146 INTERNAL AUDITOR - MIDDLE EAST

Internal Audit Effectiveness in the Public Sector

Fifth Annual Anti-Corruption Survey by Dow Jones Risk & ComplianceCorruption is a major concern for companies deciding on whether to enter emerging markets, according to the Dow Jones’s 2014 Anti-Corruption Survey. The survey results showed that 67% of the companies surveyed stopped working with a business partner as a result of concerns of violations of anti-corruption regulation. Similarly, 1/3 of companies stated they had lost business to competitors who are not complying or are not required to comply with anti-corruption regulation. With regards to anti-corruption programs, 82% of correspondents globally had programs in place (Western Europe had the highest percentage of companies with anti-corruption programs at 95%). Reasons for not having anti-corruption programs included: having other policies covering anti-corruption, not operating outside their home country and having relatively small sized operations. The main components of anti-corruption programs that were mentioned by respondents were a code of conduct, internal training, auditing compliance and due diligence of new business partners. It should be noted that only half of the respondents are confident with the due diligence component of their anti-corruption programs. Only 37% of companies update their due diligence of business partners every 2 years and 35% use a risk-based approach for the updates. Due diligence is carried out internally in most companies. http://images.dowjones.com/company/wp-content/uploads/sites/15/2014/04/Anti-Corruption-Survey-Results-2014.pdf

The COSO Internal Control Frame-work and its Rela-tion to the COBIT 5 FrameworkISACA has released a white paper showing the relationship between the updated COSO Internal Control—Integrated FrameworkandCOBIT5.COSO’sinternalcontrol framework is used by companies across the globe as a benchmark for their internalcontrolprocesses.COBITisusedas a framework to effectively govern and manage their information and technology (which is also covered to an extent in the Information & Communication component of the COSO Internal Control Framework). The guidance is useful for professionals and companies that use or are planning to use both frameworks. The paper matches the 17 Principles of the COSO Internal Control Framework to the correspondingCOBIT5process.Similarly,thepaperoutlinesCOBIT5’srelationshipto specific COSO principles and matches therelevantCOBIT5frameworkcontentwith the associated areas in the COSO Internal Control framework. One of the main conclusions of the white paper is the fact that both frameworks complement each other. http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Relating-the-COSO-Internal-Control-Integrated-Framework-and-COBIT.aspx

The IIA Research Foundation has released a new research report titled “Nine Elements Required for Internal Audit Effectiveness in the Public Sector”. The report aims to address the unique challenges faced by internal auditors in the public sector. The research studied the various barriers to internal audit effectiveness in the public sector and identified regional differences across the world.

The 9 elements that were identified are as follows:

1. Organizational Independence2. A Formal Mandate3. Unrestricted Access4. Sufficient Funding5. Competent Leadership6. Objective Staff7. Competent Staff

8. Stakeholder Support9. Professional Audit Standards

This report can assist practitioners to identify areas that would be most beneficial for them to target for improvement within their own organizations.

http://www.theiia.org/bookstore/product/nine-elements-required-for-internal-audit-effectiveness-in-the-public-sector-1820.cfm

Knowledge Update

Page 9: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

Dates Course Name Number of CPE Target Participants

June 17 - 19 Anti Bribery & Conducting Business Responsibly 24 Intermediate Level / Advanced Level / Foundation Level

June 19 HowToSetupAFraudDepartment(English) 8 Advanced Level

June 25 & 26 Planning, Managing and Follow-up of the Internal Audit Project 16 Foundation Level / Intermediate Level

June 24 – 26 ISO22301 Business Continuity Management Systems – Internal Auditor 24 Intermediate Level / Advanced Level

Dates Course Name Number of CPE Target Participants

August 12 - 14 BeginningAuditorTools&Techniques 24 Foundation Level / Intermediate Level

August 17 - 19 Communication Skills For Auditors 24 Intermediate Level / Advanced Level / Foundation Level

August 20 - 21 Risk Based Audit 16 Foundation Level / Intermediate Level

August 24 - 25 Creative Problem Solving For Auditors 16 Foundation Level / Intermediate Level

August 27 - 28 Risk Management - ISO 31000:2009 16 Intermediate Level / Advanced Level

Dates Course Name Number of CPE Target Participants

September 3 - 4 Standards For Internal Audit 16 Intermediate Level / Advanced Level / Foundation Level

September 10 - 11 HowToConductOperationalAudit 16 Foundation Level / Intermediate Level

September 14 - 15 COSO Based Internal Audit 16 Intermediate Level / Advanced Level / Foundation Level

September 16 - 18 AuditorIn-chargeTools&Techniques 24 Foundation Level / Intermediate Level

September 21 HowToSetupAFraudDepartment(Arabic) 8 Advanced Level

September 21 -25 CIA English Parts 1 & 2 40 Intermediate Level / Advanced Level / Foundation Level

June 2014

August 2014

September 2014

TRAINING EVENTS

For further information on course fees, content and trainer, please free to call or email us:Tel: 04 4339 102, Mob: 055 7275 100, Email: [email protected], [email protected]

UAE Internal Audit Associationan IIA Global affi l iate

Contact Us:

Page 10: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

JUNE 20148 INTERNAL AUDITOR - MIDDLE EAST

UAE-IAA Events

The 11th annual Global Council took place 9–12 March 2014 in Dubai, U.A.E., with 143 delegates, senior IIA leaders, and IIA staff representing over 80 countries. This was the largest Global Council in The IIA’s history attended by the largest number of participants.

Paul Sobel, Chairman of the IIA opened the Global Council with the institute roll call and AbdulQader Obaid Ali, President of the UAE Internal Audit Association welcomed attendees to Dubai. These leaders came together to learn about IIA initiatives, share their insights on key strategies that impact The IIA and the profes-sion, and network with colleagues.

The focus of the Global Council discussion sessions was to gather input from institute representatives on strategic issues that are

2014 Global Council — Dubai, UAE

currently being addressed by IIA committees or task forces. These issues are:

•StrategicPlanning•AdvocacyStrategy•ReassessingtheInternationalProfessionalPracticesFramework•MembershipValueProposition

The delegates and their guests also enjoyed a desert adventure and dinner hosted by the IIA that included dune-surfing ride into the desert, camel rides, and several local attractions during a tradition-al meal under the stars.

The next Global Council will be held in Beijing, China on 9‒12 May 2015.

BY SAMIA AL YOUSUF

Page 11: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

INTERNAL AUDITOR - MIDDLE EAST 9 JUNE 2014

UAE-IAA Events

The UAE-IAA held a CAE Business Breakfaston6May2014atEtihadTowersin Abu Dhabi which was attended by over 30 CAEs.

The purpose of this get together was to share the new vision, mission, strategy & values of the UAE-IAA along with the agreed upon roadmap.

In addition, during the meeting, the UAE-IAA announced the upcoming CAE Conference on 16 & 17 November 2014 which is themed “Management of Change: Lead the change or be changed” and would be taking place in Etihad Towers in AbuDhabi. The meeting also gathered opinions on the topics that should be discussed during the conference.

Chief Audit Executive Business Breakfast

15th Annual Regional Audit Conference

UAE-IAA Strategy Meeting

The 15th Annual Regional ConferencewasheldattheDubaiWorldTradeCentreon16& 17 March 2014. The theme of the conference was: Formula 1 / Audit, The Future Race.The conference attracted the highest number of attendees, in the history of the conference and included delegates from GCC countries, Yemen, Jordan, Lebanon, Sudan and India.The conference: for the first time in internal audit, the conference was completely smart as followingtookplaceviaToshibatablets:Interactionwiththespeakers,attendancerecords,feedback, agenda and presentations. There were 9 workshops (8 workshops conducted in English and 1 workshop conducted in Arabic) in collaboration with UAE-IAA’s strategic partners. In addition and for the first time, there were 7 tracks to choose from as 6 tracks were in English and 1 track was in Arabic. The conference had the highest number of speakers in its history (including workshop) which totalled 67 speakers

The Board of Governors & Executive Committee tasked Ms. Ayesha Bin Lootah (Board Member) & Mr. Ali Al Muwaijei (Board Member)toreviewandtoconductaSWOTanalysisontheexistingstrategy. Following that, a half-day workshop was conducted in the Intercontinental Hotel – Dubai Festival City on 19 April 2014 to finalize the strategy of the UAE-IAA.

The new vision, mission & values of the UAE-IAA are:Vision:To be a leading association that promotes innovation andexcellence in Internal Auditing.Mission:Provide dynamic leadership for internal audit profession by:• Advocatingandpromotinginternalauditing• ProvidingprofessionalinternalauditservicestostakeholdersCore Values:• Integrity,Objectivity,Transparency,Proficiency,Innovation, Pro-activenessThe strategic goals for the UAE-IAA for 2014 were narrowed down to the following:• Maintainfinancialstabilitytocarryoutbusiness• ImproveUAE-IAARegional&Globalprofile• Maximisestakeholdersatisfaction• Enhancemarketing&brandingoftheassociation• Enhancequalityofprofessionalforums&training• Enhanceinternalgovernance• Maintainingapoolofcompetent&motivatedstaff

Page 12: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

JUNE 201410 INTERNAL AUDITOR - MIDDLE EAST

Governance Perspectives

BY RAMI WADIE

It’s time for CORPORATE GOVERNANCE in the GCC public sector

RAMI WADIE, GRCP, CPA, CMA is a Partner & Corporate Governance Leader for Enterprise Risk Services at Deloitte Middle East.

One of the key pillars of economic development and a clear indication of a healthy economy is corporate governance, and the financial crisis has increased the focus on effec-

tive governance frameworks both regionally and globally. This is evidenced by the recent introduction of corporate governance codes for banks and the Capital Markets Authority in Kuwait, and continuous enhancement of the existing codes in Qatar, UAE and KSA, for example.With 24/7 social media alerts, as well as scrutinized government budgets, past scandals, and legislations around the world targeting corruption, there is an increased demand for accountability. Public skepticism, combined with unprecedented transparency, is placing everyone under scrutiny. The boundaries of accountability and responsibility are rapidly expanding, challenging individuals in authority to consider the public and its agenda.Consequently, a well-functioning public sector, delivering quality public services consistent with citizen preferences that fosters market growth while managing fiscal resources prudently, is con-sidered critical.Equally if not more important, with special emphasis on Gulf Cooperation Council (GCC) states - due to the high-concentra-tion of wealth within the public sector, state-owned enterprises, and national oil companies play a key role in the society. As such, effective governance within the public sector would encourage efficient use of resources, strengthening of accountability for the stewardship of those resources, and improving management and service delivery, thus contributing to enhanced quality of living. Effective governance is also essential for building confidence in public sector entities — which is in itself necessary if public sector entities are to be effective in meeting their objectives.In the GCC, public sector governance has not received a sig-nificant level of attention. Certain states have taken active steps towards the same, while others still lag behind, despite economic prosperity. This is perhaps a result of the lack of strategy and clear definition of expectations of the public sector and public service at large. Driving a shift in the mindset, a focus on the quality of services needs to be the target, laying the foundation on an overall

strategy focusing on integrity, transparency, as well as efficient and effective use of resources through:1. Proper definition of strategy and purpose, including clear citizen and service users’ quality of service measures and defined key performance indicators.2. Clear organizational structures, reporting lines and processes, defining clear roles and responsibilities, as well as governance oversight bodies, such as audit and risk committees.3. Talent management, as the public sector should be regarded as a good attraction and development of talent.4. Promotion of ethical conduct by establishing codes of conduct and whistleblowing hotlines.5. Clear definition of accountability for public wealth policies, transparent internal and external reporting, and use of appro priate accounting policies and standards, as well as clear per formance measures.6. Focusing on the Lines of Defense (internal audit, risk man agement, control and compliance), ensuring compliance with applicable laws, regulations and internal mandates, stronger internal controls, and enhanced risk management (including business continuity and information security), while integrating the relationship between internal auditors, external auditors and the State Audit Bureau/Regulators, as applicable.Proper governance frameworks strengthen accountability mecha-nisms and open channels of communication within and across the various market players. Accordingly, the public sector can be more confident about delivering defined outcomes and being accounta-ble for the way in which results are achieved. Good governance also leads to good management, good steward-ship of public wealth, good public engagement and, ultimately, better outcomes for citizens and service users. All organizations should aim to meet the highest governance standards; as such, governance arrangements should not only be sound but also be seen to be sound.

TO COMMENT on the article,EMAIL the author at [email protected]

Page 13: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS
Page 14: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

JUNE 201412 INTERNAL AUDITOR - MIDDLE EAST

Conversations with Colleagues

BY MEENAKSHI RAZDAN

Dubai World Trade Centre’s Head of Internal Audit is a role model for Emirati women who

aspire for leadership roles in internal audit

In an exclusive interview, Internal Audi-tor - Middle East spoke to Mona Abbas Hussain, CRMA who has been the Head

ofInternalAuditofDubaiWorldTradeCentre(DWTC)since2008.Monabeganher 15 year career as an accountant at a bank and worked her way up the corporate laddertothetopauditpositionatDWTCwhere she established the independent internal audit department. Mona is a mem-ber of the UAE Internal Audit Association (UAE-IAA)andservesastheViceChair-man of its Fraud Subject Matter Group.

Internal Auditor - Middle East met with MonaAbbasHussainatDWTC’sofficesinDubai.

MONA ABBAS HUSSAIN

Page 15: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

INTERNAL AUDITOR - MIDDLE EAST 13 JUNE 2014

Interview

“Today Emirati women in internal audit are influencing corporate

strategy and policies”

What made you decide to become an internal auditor?

My professional career started 15 years ago as an accountant with a reputed bank in the Middle East. I have always had a desire to learn more about business and best practices and that is what made me shift my career from Accounting to Internal Au-dit 11 years ago. Internal auditing is a rap-idly developing profession and the constant challenges at work have been gratifying not only at a professional level but at a personal level as well. In the past this profession was the domain of men and I wanted to break that barrier; and this is where my passion to succeed stemmed from.

How has being a woman in the inter-nal audit profession impacted your career?

When I decided to become an internal auditor eleven years ago, I initially sensed some apprehension from my peers about my decision. They discussed with me the challenges in this role and the physical and mental endurance needed to be able to function in this role. However, I was determined to achieve my goals regardless of any obstacles. My drive to challenge con-ventions and the passion to succeed helped me garner the support and the guidance I needed in my initial years in this profes-sion. My colleagues at work were extremely supportive and helped me propel my career. The support of my family particu-larly my parents and my husband and the confidence they showed in my ability kept me motivated. I am especially thankful to my late father, Mr. Abbas Hussain, who always believed in equality between man and a woman and maintained that in the household and also the outside world. I am particularly grateful to the vision of H.H. Sheikh Mohammed bin Rashid Al Mak-

toum who has made Dubai an advanced and educated city which is full of oppor-tunities, and where female empowerment and development is encouraged. I would like to thank our CEO Mr. Helal Saeed Almarri & the Board Audit Committee for their support and encouragement over the last 8 years. Last but not least, I am alsothankfultoMr.ButiAlGhandi,ViceChairmanofDWTCwhoisstillmymen-tor 8 years after joining the company.

What is the biggest barrier to having Emirati women join the internal audit profession? Is the UAE-IAA doing enough to support the entry of women into the audit profession?

One of the biggest obstacles I see for Emi-rati women in the workforce is maintain-ing a balance between their personal and professional lives. Another challenge for Emirati women is to assimilate into a high-ly male-dominated profession. However, I would not want them to deter from having a personal goal and the passion to achieve it. Women are blessed with several innate strengths which enable them to fulfill several roles and responsibilities. Patience, compassion, multi-tasking skills, attention to detail, planning and organizing skills are some of the strengths which help them overcome the obstacles in their career path.

Having female heads of audit may be common in the west but not so much in the Middle East. What do you think are the top 3 things that Emirati women need to do to become heads of internal audit?

From my experience, the three top pillars to consider are: - Ambition: By setting aspirational goals and values, it becomes easier to excel

in such a fast-paced industry. It is also imperative to learn from others around you, including colleagues, stakeholders and senior management.- Leadership skills: Professionals need to develop leadership skills and earn respect from colleagues. Emirati women should aim to leave a lasting impression on col-leagues, ensuring hard work is recognized in meetings.- Educate: Finally, it is important to continue learning and expanding their knowledge-base in the industry. Invest-ing in academic courses ensures that internal auditing certificates such as CIA and CRMA are earned. Knowledge and expertise are absolutely essential to gain a competitive edge.

Are internal audit skills preparing Emirati women for board positions?

Yes, absolutely. Internal auditing is a profession that provides a holistic view of businesses and the underlying processes. Internal auditors are familiar with key con-trols, risks and practical solutions that help make organisations successful and efficient. This knowledge definitely prepares Emirati women to reach the highest positions in any organisation – including CEO and Board member positions.

Finally, do you think that Emirati women have proven themselves as effective heads of internal audit?

Yes, I do. I started my career fifteen years ago and midway, was focused on building theinternalauditdepartmentofDWTC.During this time, I also completed the External Quality Assurance Review Certificate, based on the Quality Assur-ance Review conducted by The Institute of Internal Auditor’s team in September 2011. Successfully earning this qualification is the greatest accomplishment in my career so far.

This proves that Emirati women can not only become internal auditors, but also have a meaningful impact on their organ-isation. However, I also understand that a lot more can be done to empower Emirati women to take on a central role of internal audit, and I believe that the profession will greatly benefit from their work.

TO COMMENT on the article,EMAIL the author at [email protected]

Page 16: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

14 INTERNAL AUDITOR - MIDDLE EAST JUNE 2014

BY FARAH ARAJ

Climbing to the Top

The story of how ENOC’s internal audit department elevated itself from a compliance focused function to become a valued business partner

Audit Management

BackgroundEmirates National Oil Company (ENOC) is a regional integrated oil & gas group owned by the Government of Dubai. ENOC has over 7,000 employees and operates through over 30 subsidiaries covering oil & gas production, storage facilities, energy trading, gas stations and other areas. These subsidiaries operate mainly in the UAE, Saudi Arabia, Africa, Central Asia, Singapore and Korea. ENOC’s motto is ‘Behind Every Successful Journey.’The Directorate of Internal Audit and Business Ethics (IA&BE) is one of the corporate departments within the ENOC group and is led by Aley Raza, Director Internal Audit and Chief Ethics & Compliance Officer (DIA). It reports to ENOC Board Audit Committee functionally and administratively to the Chief Executive Officer (CEO). In addition to its core assurance role, it has actively worked with ENOC management to improve governance and control processes at a corporate level and across its subsidiaries. IA&BE’svisionis‘Toberecognisedbyallstakeholdersasaprofessionalbusinesspartner…’IA&BE has significantly evolved and widened its scope of contribution over the years. IA&BE has two functions – Internal Audit (IA) and Business Ethics & Compliance (BE). IA&BE was established with a small team of three professionals and has now grown to eighteen professionals with different industry experience and advanced qualifications and certification. In addition, the department has transformed from being a business support division to a value-added internal audit function through management support, understanding stakeholder needs and taking on new initiatives.

Page 17: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

INTERNAL AUDITOR - MIDDLE EAST 15 JUNE 2014

Audit Management

“Our focus is not only on enhancing

our performance and productivity but doing so with the highest levels of

business principles” Saeed Khoory,

ENOC’s Chief Executive Officer

“Our focus is not only on enhancing our performance and productivity but doing so with the highest levels of business principles. Since inception we have been led by our core values of team work, integrity, transparency, respect and customer focus. We have further strengthened this with the inception of a Business Ethics & Compliance function and a Code of Business Conduct that is applicable across every operation of ENOC and its group companies as well as its partners.” said Saeed Khoory, ENOC’s Chief Executive Officer (CEO).

A Foundation for Excellence In 2000, EPPCO IA and ENOC IA were merged to form ENOC group IA function. Since 2000, the function was more focused on delivering value though organisation and business support studies like organisation reviews, restructuring and development of policies and procedures for the group. After 2007, a new Board was formed and ENOC’s new CEO was appointed. The changes in management resulted in steady shift in the department’s approach from being a business support to a risk based internal audit function. The necessary shift in internal audits in the organisation arose due to the rapid alterations in market trends and their incorporation into the business control environment.Furthermore, ENOC’s crowning achievement during this era was the formation of a non-executive Audit Committee, which has served as the driving force behind many of the department’s achievements. Now IA&BE provides assurance services to entire ENOC group, its various subsidiaries and joint ventures. Apart from the core activity of providing assurance services to various entities and departments within the group, IA&BE has played a key role supporting ENOC management in streamlining and establishing a control framework in various group companies and enhancing corporate governance framework. IA&BE adheres to quality measurement criteria prescribed by IIA in performing internal audits and related activities and according to a survey done by PWC, IA&BE ranked amongst top 25 per cent in the region in providing a cost effective and efficient service. IA&BE has been awarded ISO 9001:2008 Quality Certification by

the Lloyds Register Quality Assurance (LRQA) in December 2010.The department has proved to be an effective resource pool by assigning audit professionals to group entities. IA&BE contributes effectively to the group’s objective of UAE National Development and has also designed an effective training programme to equip them with auditing skills sets.

Enterprise Risk Management (ERM) Although the department had transformed into an effective service provider, it was predominantly focused on service delivery of internal audits to the group. It was now time to focus on enterprise-wide initiatives which strengthen control environment at ENOC. The department was already conducting risk assessments as part of the internal audit planning and execution under the guidance of ENOC Audit Risk Committee (EARC). As ENOC was undergoing organisational restructuring, the department worked on a risk assessment framework including specifying the roles and responsibilities of ERM function, its establishment and reporting structure. The Board decided to establish the ERM function under Group Finance Department. However, the department provided resource for the function and continues to provide guidance for development of ERM policies in line with the COSO and ISO31000 as well as part of Enterprise Risk Management Committee (ERMC) chaired by CEO. The introduction of the ERM process has allowed internal audit to focus on providing assurance on establishment of controls and mitigating risks.

Business Ethics & ComplianceThe second major enterprise-wide initiative driven by the department was launch of ENOC’s Code of Business Conduct (the Code).BuildingontheCoreValuesofENOC,theCodereflectsENOC commitment to uphold the highest ethical values in ‘The Way We Lead.’The Code was developed in-house by ENOC in collaboration with corporate departments and business units, while being spearheaded by the IA&BE, and fully supported by the Board of

Page 18: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

16 INTERNAL AUDITOR - MIDDLE EAST JUNE 2014

Ethics has been set up to promote and roll-out the corporate governance framework. The ENOC CG programme provides a governing framework, structure and system by which ENOC and its’ companies are directed and controlled to set their objectives, define means to attain these objectives, and establish their monitoring mechanisms.

The Corporate Governance Progression Level Matrix adopted by ENOC has six key attributes and four levels starting with ‘compliance with laws and basic corporate governance formalities’ to ‘corporate governance leadership.’ The programme is well-founded as it has been benchmarked with various regional and international CG Codes and inputs have been sought from institutions like the Organisation for Economic Co-operation and Development’s Guidelines (OECD), Hawkmah and GCC BDI. IA&BE staff are also part of the taskforce working to revise the OECD guidelines for State-Owned Enterprises. Aley Raza said: “The CG programme is designed to support ENOC in its new investment strategy. A strong CG framework will successfully support all stages of the investment process and hence, the Company’s overall prospects to build a strong growing enterprise.”

Conclusion The IA&BE department has come a long a way since its establishment. Though the number of people has remained the same, the roles they play have changed significantly. The commitment and dedication of the IA&BE team, as well as the support of the senior management, the CEO and the Audit Committee, have all been instrumental to the department’s climb to the top. But has the department achieved its vision of becoming a ‘professional business partner’? It might be so, however, Raza believes that there is still room for growth. “Our vision is to continue our journey, rather than come to complete stop.”From the incredible journey shown in the IA&BE department, we can take away one very important lesson from ENOC, and that is that Internal Audit should continuously evolve to meet the needs of the business.

Directors’ Audit Committee. Human resources, procurement and other policies, were linked to the Code to ensure its integration in key business activities. Subsequently, a programme was designed to sustain the principles of the Code and reinforce a culture of ethical behaviour. Business Ethics & Compliance (BE&C) function was established under the IA&BE with the DIA assuming the additional role of the Chief Ethics & Compliance Officer (CECO).

Reporting to CECO and managing BE&C function is Hend Al Rumaithi, a UAE national.Having BE&C with IA gives the function necessary independence to carry out its mandate effectively. A Business Ethics Committee has been formed and chaired by the CEO to make key decisions in relation to handling reported cases, conflict of interest disclosure and other compliance matters.The introduction of the Ethics Hotline was a major achievement. ENOC’s Ethics Hotline is a confidential multilingual independent platform managed by an external independent service provider and available through a phone and online reporting system. The purpose of the hotline is to report any conduct that may be in violation with the Code and cultivate a positive work environment. Updates on the reported cases are also provided to ENOC Board Audit Committee.ENOC Code of Business Conduct, supported by a programme and a function, fosters a positive ethical working environment and is embedded in the day-to-day business activities in The Way We Lead.

Corporate Governance IA&BE has been part of various successful initiatives at ENOC group which have enhanced governance and also assisted in strengthen tone at the top at the group. ENOC strongly believes that good governance has contributed substantially to the success of the company and is essential for good business prospects inthelong-term.TofurtherenhanceCorporateGovernance(CG) practices at ENOC, Saeed Khoory initiated a Corporate Governance Programme in 2012. A Steering Committee comprising members of ENOC Group Finance, Legal and the Directorate of Internal Audit and Business

TO COMMENT on the article,EMAIL the author at [email protected] Audit Management

“As the business moves we adapt and evolve internal audit

accordingly” Aley Raza,

ENOC’s Director of Internal Audit

Page 19: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS
Page 20: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

18 INTERNAL AUDITOR - MIDDLE EAST JUNE 2014

Anti-Corruption

The importance of an anti-corruption program and the role of the internal auditor in ensuring it is effective

The Increasing Importance of Anti-Corruption Programs

For many years, the Middle East’s lack of integration with the global economy was a constraint on the

region’s economic growth. Now an upswing in trade between certain countries in the region and major global economies highlights a growing shift in dynamics. TradebetweentheMENAregionandtheUnited Kingdom, for example, increased by 11 percent in 2013 alone.

This growth is no doubt due to the concerted government efforts to attract foreign capital by positioning their country as an investment hub and growth engine that is powered by favourable factors including a sizeable middle class of 400 million people and strategic initiatives to diversify from oil.

Unfortunately, it’s not all good news: increased international business opportunities bring increased risk. A growing concern for MENA-based organizations is the risk of unwittingly being associated with corrupt practices. The US and UK authorities have been most active in this regard, partially in response to high-profile cases of bribery and corruption threatening to taint prestigious corporations associated with their countries. Given the increasing trading activity between the region and the UK and US, awareness of the myriad Anti-Bribery and Corruption (ABC) regulations has become vital for MENA firms which want to attract foreign customers and capital. But how can

organizations ensure they do not fall foul of ABC regulations and risk substantial fines and reputational damage? The US Department of Justice has frequently been quoted as saying that a minimum requirement of an effective anti-corruption compliance program is the systemic monitoring of its effectiveness - including anti-corruption compliance audits - to identify any potential issues, and this is where internal auditors can be very effective. While the regulatory environment is constantly changing and expanding, there are key pieces of legislation that internal auditors should be aware of in order to support the effectiveness of their company’s ABC programs.

International legislation with a substantial reachThere are two leading anti-corruption and anti-bribery legislative acts which set the bar for government agencies everywhere - the US Foreign Corrupt Practices Act (FCPA) of 1977 and the UK Bribery Act (UKBA) of 2010.

1. FCPABefore the more recent UKBA, the FCPA was considered the leading legislation in the fight against corruption, with significant implications for multi-national corporations.A federal law enacted in 1977, the FCPA prohibits companies from paying bribes to

BY PAWAN HEGDE

Page 21: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

INTERNAL AUDITOR - MIDDLE EAST 19 JUNE 2014

Anti-Corruption

foreign government officials and political figures to put business their way.Enforcement of this legislation has increased dramatically in recent years, and is a feature of the war waged by US authorities against financial crime and international terrorism, the two of which are inexorably linked. The legislation bans three types of entities from making improper payments: issuers, domestic concerns and foreign nationals and businesses 1. It’s also important to note that a third party or agent acting on behalf of an issuer, domestic concern or foreign national is liable under the same conditions.In 1998, the FCPA was amended to broaden the jurisdiction over multinationals, which meant that US parent corporations can be held liable for actions carried out by their foreign subsidiaries if this action is authorized, directed, or controlled by the US corporation.An example of a recent enforcement is the case of a French based oil and gas company, found guilty in 2013 of paying bribes to intermediaries of an Iranian government official to influence valuable contracts. The company agreed to pay US$398 million to settle US Securities and Exchange Commission and criminal charges.

2. UK Bribery ActThe UK Bribery Act of 2010 (UKBA) updated Britain’s anti-corruption and bribery laws and brought them in line with global standards. This progressive piece of legislation put the burden of responsibility squarely on the shoulders of senior executives who, if a transgression is found, can be held personally liable for the corrupt actions of not only their own company but any of their subsidiaries or third party agreements. The legislation created a new strict liability offence for corporates where persons performing services on behalf of the corporate commit a bribery offence. This meant that corporate entities can be found guilty of the corporate offence of failing to prevent bribery if an ‘associated person’ carries out an act of bribery on their behalf.

Interestingly, prosecution under the UKBA can happen even if corrupt activity did not

actually take place, all the enforcement authorities need to prove is that there was intent to unfairly influence the course of business to someone’s advantage. If it can be shown that there was consent or connivance on their behalf, even if the acquiescence was passive, senior officers can be prosecuted and face up to 10 years in prison or a fine, or both.

Increasing local legislation In keeping with other emerging economies, local legislation is adapting to international practice and governments are acting to bring about greater transparency and accountability. The United Arab Emirates was the first government in the region to institute an anti-corruption law, a sign of the government’s commitment to increase its role as a centre for international business by increasing transparency and good governance. Other Middle Eastern countries have adopted the United Nations Convention against Corruption (UNCAC), although

The internal audit function can add particular value by identifying potential risks and providing assurance that policies and procedures are effective.

there is still some way to go before implementation of specific anti-corruption policies.Saudi Arabia last year initiated a crackdown on corruption through the newly created National Authority for Combating Corruption. In Qatar, a new anti-corruption committee has been

created, monitoring enforcement of the ABC provisions in the criminal procedures law, and in Bahrain, the Prime Minister called for new measures to combat economic crime and the establishment of an anti-corruption agency. This local legislative activity is all part of a significant worldwide trend of amplified anti-corruption activity. At the same time enforcement of ABC regulations have been stepped up, generating several billion dollars in fines worldwide. 1 Issuers are companies that have securities registered in the U.S. or are required to file reports with the Securities and Exchange Commission; domestic concerns refer to any nationals and residents of the US and local business entities while foreign nationals and businesses are non US residents and businesses located outside of the US.

Page 22: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

20 INTERNAL AUDITOR - MIDDLE EAST JUNE 2014

Anti-Corruption

The role of the internal auditor With the intensified regulatory environment, an upsurge in enforcement activity and the increasing rhetoric from politicians and authorities about ‘rooting out corruption’, it is no longer possible to have a ‘tick-box’ compliance program, left to the responsibility of one or two people within your organization. There are a number of ways that the expertise of the internal auditor can take a new level. In fact, it is internal auditors who often make the difference between a standard anti-corruption and a truly effective best practice program.

• Helptochoosea strategic approachWhere input from internal audit is perhaps the most valuable is in the planning and strategic design of the anti-corruption approach. It is here that internal audit can help executive management to save valuable time and money by helping to identify and prioritize the areas of risk that need attention.Given the volume of information that can pass through an organization on a daily basis, all of which needs classified, screened and reviewed, it is simply not possible to scrutinize every transaction and client record to the same level of detail. A risk-based approach is the only answer, and an internal auditor can assist in these strategic choices, which depend on the risk appetite of the organization and its business strategy.

A proactive approach to anti-corruption

- one that follows a motivated and justified risk-based approach - will put the regulator’s mind at ease and will provide the strongest defence against compliance breaches.

• ReportsuspiciousactivityWith their insight into all processes of the organization, auditors are well placed to pick up discrepancies and suspicious activity. But remember: while an auditor should possess sufficient knowledge to recognize evidence of fraud, it is not their primary responsibility to uncover fraud and corruption. Instead, they need to be able to raise a flag when they come across something that may or may not be suspicious but is outside of the norm, and then report this to the designated staff within the organization for further investigation without needing to show proof of wrongdoing.

• Don’tloseobjectivityInternal audits have a powerful deterrent effect and signal a commitment to anti-corruption from senior management to both external and internal stakeholders. A robust internal audit function is able to monitor an anti-corruption program as well as any remediation efforts necessary toplugholesintheprocess.Tostayobjective, however, it’s important that internal audit remain independent from the implementation of remediation efforts, otherwise their ability to properly review and assess may be compromised.

Be safeIt is the detail that an audit provides

TO COMMENT on the article,EMAIL the author at [email protected]

• Risk assessment – to understand the extent of the organizational exposure• Program design – to effectively outline procedures and controls that adequately respond to the risk identified through the assessment. • Definition and implementation of policies – clearly defined goals and objectives with equally clear lines of communication. • Building and operation of controls – helps effective management of the program and ensure achievement of objectives. • Training and education of the workforce – often overlooked, the training and sensitization of staff members to activities that may be potentially harmful to the organization is key. • Monitoring and evaluation – analysing and testing of key points of the program is crucial if the program is to succeed.• Review, realignment and reporting of the policy – essential within such a dynamic regulatory environment

As Simple as ABC?

Building A Successful

Anti-Corruption Program

that may make the difference between success and failure. As recent cases show, it is often the organization that has a long standing compliance program in place, but has become complacent in its enforcement, that is at risk of falling foul of authorities. Their crime is not the absence of a compliance policy but the absence of effective controls and monitoring systems of their existing policy. While it is impossible to be all-seeing and all-knowing, executives must be able to prove is that they not only put ‘adequate procedures’ in place, but also took steps to understand their exposure to risk and to know their customers, suppliers and partners. In effect, being proactive rather than passive is key to a successful anti-corruption program, and this is perhaps the biggest contribution that an internal auditor can make. The more that is done at the start of the planning and formulation of an anti-corruption program, the better off an organization will be. After all, what internal auditors do best is to provide independent, objective assurance that adds value to an organisation’s operations. What better way to support good organisational reputation and long-term stability than steering clear of corruption and bribery while providing good service to your customers?

PAWAN HEGDE is Managing Director, Governance, Risk and Compliance for Thomson Reuters in the Middle East, Africa & Russia.

Page 23: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

ACCELUS AUDIT MANAGER

Internal audit is being asked to evolve beyond the “third line of defense” or ticking regulatory boxes. Boards and senior management now value the insight and analysisthat a strong audit function can deliver. Accelus Audit Manager can help:

• Liberate audit teams from manual tasks

• Enrich your dialogue with the business

• Drive enhancement of audit quality

• Deepen engagement with your board audit committee

• Contribute to business operational excellence

• Improve identification of emerging risks

For more information on Accelus Audit Manager please visit:

http://accelus.thomsonreuters.com

EMPOWER YOUR ORGANIZATION’S AUDIT TEAM

© 2013 Thomson Reuters. All rights reserved.

CONNECT | SIMPLIFY | PERFORM

Page 24: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

22 INTERNAL AUDITOR - MIDDLE EAST JUNE 2014

BY ANUP KULKARNI ED ITED BY RAYMOND HELAYEL

ADDING VALUE FROM A PRIVATE EQUITY PERSPECTIVE

Through the effective use of internal audit, private equity

firms can grow portfolio returns

As the MENA Private Equity (PE) industry returns to normalcy from the burdens of the worst global financial crisis, followed by the political uncertainties arising from Arab Spring events, newer challenges await PE investors and auditors evaluating these investments. Investors are starting to place more importance on the Governance, Risk & Controls (GRC) aspect of business, which has become a relevant consideration in pre-acquisition evaluation of the PE opportunity and its post-acquisition management. The purpose of this article is to share some experiences of interactions between Internal Auditors and PE investment teams and highlight how the audit function could add value to the decision making, and portfolio management of PE investments.

I. Pre-Acquisition PhaseIn the pre-acquisition phase, it is necessary to spend the first few days understanding the business of the target company. Mapping of the shareholding structure, organizational matrix and processes of the business lines would be a valued contribution by Internal Audit to the investment team. In a number of PE investments, process mapping has helped the investment teams to understand the business process, identify key risks and fix critical control gaps prior to commencing the deal negotiations.

Page 25: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

INTERNAL AUDITOR - MIDDLE EAST 23 JUNE 2014

ANUP KULKARNI, ACA, CFA is an investment professional at an investment company in Abu Dhabi.

TO COMMENT on the article,EMAIL the author at [email protected] Internal Audit

One of the main characteristics of mid-market PE and venture capital investments in the MENA region is that the investment space is dominated by family owned small and medium enterprise (SME) businesses. Most of these businesses have a tendency to maintain key business affairs within the family and decision making may be less formalized. Closely held shareholding, absence of independent board members, lack of separation between directors and management, lack of proper delegation of authority, and inadequate policies and procedures are some of the commonly experienced issues. Since the objective of the PE investor is to exit the investment after a reasonable holding period, preferably through the IPO route, they would ideally want these governance requirements to be fixed before the investment is made. In the due diligence phase of pre-acquisition, Internal Audit could assist in recommending a suitable corporate governance framework and policies, in line with accepted practices and regulatory requirements relevant for a listed company. Another possible challenge with MENA family owned businesses is with regards to investment portfolios. Family offices tend to have investments on their balance sheet which may be unrelated to the principal business activity. Internal Audit’s review of the investment portfolios and its valuation, particularly for investments in related companies, real estate and junk bonds could be beneficial to separate unrelated investments and defining appropriate deal structures.Provision for doubtful receivables is an important area for valuation as well as investment negotiations. In some cases there may not be established policies for providing doubtful receivables. In another instance of a PE investment transaction in a healthcare company in MENA, during the deal negotiation phase, a large receivable which was claimed to be recoverable by the management was found to be small receivables from thousands of cash customers (with no medical insurance) which were 12 to 36 months old. This also included certain insurance claims which were rejected or disputed by the insurance companies. Internal Audit’s review of receivables and recommendation of appropriate provisioning policies, as part of the due diligence process could have helped identify such issues and contributed to the negotiation process. Certain ratchets included in PE term sheets/agreements are based on future recovery of receivables which tend to influence valuation. Based on the Internal Audit’s inputs appropriate ratchets could be added to the deal terms. Judging the adequacy of controls in the light of deteriorating economic conditions could be challenging. An example of a recent PE transaction involved investment in a company engaged in factoring business in the MENA region. A factoring company lends money by discounting multiple receivables of the same client to the extent of 70-75% of the invoice value, so that risk of delinquency is spread. The institution largely relied on this spread mechanism in conjunction with personal guarantees and post-dated cheques securities from the clients as well as their debtors. However during the economic crisis certain clients, in collusion with several of their debtors, did not honor their commitments closed their businesses and left the country. Internal Audit’s review of the business in the pre-acquisition phase could have helped the PE investor to identify weaknesses in the credit process and introduce risk mitigation measures, such as the establishing more

robust credit assessment procedures and risk transfer measures, like credit insurance.

II. Post-Acquisition PhaseInternal Audit plays another vital role during the post-acquisition management of the investee companies. Adequacy of management reporting could be a shortcoming in some of the MENA family owned businesses. Management reporting may be on request by the senior management or may be produced only for regulatory compliance. In some of the investments, enhancing the reporting systems may be required as a first step to prepare a post investment business plan. Enhancing and streamlining the management reporting systems is another area where Internal Audit can step in. PE investors usually set ambitious targets for their investee companies. Early stage companies might take longer to start earning revenues due to structural difficulties and regulatory approval processes. Review of capital expenditures, cash flow projections and financing plans become critical in the early stages of the post-acquisition phase, for managing debt commitments. Cash flow breakeven point tends to get postponed typically by 12 to 24 months from the initial business plan, depending upon the stage and nature of the business. If external financing is used, debt restructuring may be required in some cases. Internal Audit’s review of the projected cash flow and its achievability may prove to be a vital input for restructuring negotiations. In case corporate guarantees are given for the debt issued to the investment vehicle, it needs to be considered in the risk assessment of the PE investment company. Moreover, investor relationship management has emerged as an important audit area in the post crisis era. As investment performances are deteriorating, fund investors are questioning the management expenses and fees. Internal Audit’s periodic review of fund expenses and management fees, to check whether they are within the limits specified in the Private Placement Memorandum (PPM) is crucial. Ongoing issues revolve around the valuation andNetAssetValue(NAV)reporting.Fundhousesusuallyconduct in-house annual valuation through their investment teams. Independent valuation is usually conducted for investments involving real estate, telecom or specialized technologies. Internal Audit can play a vital role in conducting independent analytical review of the approach and assumptions used in these valuations.As such, Internal Audit’s scope for PE firms is ever expanding and needs to be regularly refreshed to respond to changing business dynamics. An important note in this regard is the need for the Internal Audit to come out of traditional perception of performing post fact audits which restricts focus on operational and compliance issues. It is also important for Internal Audit teams to develop and enhance their skills, particularly in the areas of due diligence, project management and valuation. With investors and regulators demanding more from fund managers, Internal Auditor’s role of providing independent assurance to the board and senior management will continue to deliver competitive advantage to PE firms.

Page 26: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

24 INTERNAL AUDITOR - MIDDLE EAST JUNE 2014

BY PETER STEWARD

Social Business Risks

Many risks exist in social business covering HR, reputation, compliance, safety, Intellectual Property (IP) and more, but the perhaps the biggest risk of all is failing to leverage social business

IntroductionHowever one views social media, one point is clear; that it is here to stay. And leveraging social media for business is a valuable and cost-effective means of accelerating business objectives. Social business is about embedding familiar or bespoke social tools into your business processes, connecting people and promoting meaningful dialogue. One powerful example objective would be to graduate from managing customers to engaging customers.Ready or not, the social business train has left the station. Leading firms have secured their place on it, benefiting from brand awareness, deepened customer engagement, improved operational effectiveness; marketing, selling and even enhancing products or services through social business. Such change is usually driven by a member of the leadership team who recognizes the value social business brings to their corporate strategy.But before jumping on-board, we must carefully consider our approach and the associated risks. Social business must be approached with the same degree of care, preparation and planning that would be applied when launching any other channel such as bricks and mortar outlets, call centres or online.This article looks into some of the reasons to adopt social business but also sets out to highlight and mitigate the associated key risks.

Social Business, Why Bother?A survey of more than 3000 consumers found that customers who engage with companies through social media channels spend 20-40% more money with those companies than other customers and demonstrate a greater emotional commitment to their brands1.What do we mean by “engage”? This means two-way dialogue therefore a shift from talking to customers to talking with customers. Such dialogue can cover anything from crisismanagement,suchasToyota’sPresidentandCOOansweringthetopquestionsfrom @Digg’s community during a major recall, to new product suggestions, such as “My Starbucks Idea”. But the opportunity to leverage social business does not stop there. It can be used for internal team collaboration across geographies, customer service, recruiting and of course marketing and sales.The ultimate goal is to create strong online communities, whether internal, gated or open; which can leverage existing platforms or bespoke. Clearly, having one’s own platform instils a far greater degree of control. According to A Armstrong and J Hagel’s Harvard Business Review article, “Companies that create strong on-line communities will command customer loyalty to a degree hitherto undreamed of and, consequently, will generate strong economic returns”2. TwotopsocialbusinesscommunitiesaccordingtoCMSWire3includeMicrosoftAnswerswhich invokes concepts of gamification with recognition of community contribution via badges, and the SAP Community Network (“SCN”), where SAP’s Chief Marketing Officer Jonathan Becher says “SCN has more than 2.5 million active members — it’s the largest aggregation of SAP customers, experts, partners and industry thought leaders anywhere”.

Page 27: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

INTERNAL AUDITOR - MIDDLE EAST 25 JUNE 2014

Social Media

Just as in the real world when communities come together for good we see engagement, creativity, progress and benefits, similarly with the collaborative power of group knowledge in online communities, the results are unlimited.

Social Business RisksWe can focus on 8 social media management processes, (as demonstrated in the Community Maturity Model below) to determine key risks embedded in such a business. The Community Maturity Model, validated across several years by specialists and members of “The Community Roundtable”, demonstrates from the context of customer engagement 5 levels of social business relationship maturity: Initial (create brand awareness), Repeatable (increase brand interest), Defined (engage communities), Managed (inspire advocacy) and Optimized (achieve return on investment objectives – note not shown here).

Of the eight processes, the first 3 are strategic and the remaining 5 are governance focused and help us identify social media risks with mitigating actions.As mentioned in the introduction, it is imperative that any foray into social business be treated with the same thorough and comprehensive preparation and planning that would go into the launch of any other new channel such as call centres or branches. Clear governance, policies and processes must be in place to ensure all stakeholders are clear on the objectives and approved practices of social business. Many brands have been damaged through inappropriate material being posted in the public domain. High profile examples includeChryslerAutosandRyanairstaffpostingill-chosencommentsviathecompanyTwitteraccountsaswellasMcDonaldslaunchingthe#McDstorieshashtagtopromotepositivefarmerstorieswhichthenbackfiredwithTwitterusershijackingthehashtagasanoutletforventing frustration and criticism.So whilst social business developments present significant opportunities for companies to connect with their customers and others, they are also creating a whole new set of risks and issues for businesses.

Process Maturity BenchmarksCommunity

ManagementProcesses

Sustain Leadership

PromoteCulture

ManageCommunity

Refresh Content & Programming

Enforce Policies &Governance

Deploy Tools

Measure andReport

Initial Repeatable Defined Managed

Develop andCommunicate Strategy

Command and Control

Reactive

None

Formal and Structured

No Guidelines

Consumer toolsused by individuals

Anecdotal

Familiarize andListen

Consensus

Contributive

Informal

Some usergenerated account

Restrictive

Consumer andself service tools

Activity Tracking

Participate

Collaborative

Emergent

Defined rolesand processes

Communitycreated content

Flexible

Mix of consumerand enterprise tools

Activities andContent

Build

Distributed

Activist

Integrated rolesand processes

Integrated formaland user generated

Inclusive

‘Social’ functionality is integrated throughout

Behaviors and Outcomes

Integrate

Page 28: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

26 INTERNAL AUDITOR - MIDDLE EAST JUNE 2014

ABU DHABI

Al Ghaith Holding Tower, 9th FloorAirport RoadP.O. Box: 32468, Abu DhabiUnited Arab EmiratesTel: +971 2658 4640Fax: +971 2658 4641Email: [email protected]

DUBAI

Office 2104, 21st FloorU-Bora Tower 2, Business BayP.O. Box: 78475, DubaiUnited Arab EmiratesTel: +971 4438 0660Fax: +971 4438 0655Email: [email protected]

Contact Us:

Protiviti Ad.indd 1 2/16/14 1:49:08 PM

Here are some examples:• Loss of intellectual property and sensitive data – there are significant security risks which must be managed when deploying social media for business, including inappropriate release, leakage or theft of strategic information, as well as exposure of company networks and systems to viruses and malware.• Reputation loss – in addition to inappropriate employee behaviour there is also the risk of setting unrealistic customer service expectations, as well as lack of engagement or paying adequate attention to manage the fallout from negative messages.• Compliance violations – in social media there are risks of communicating data and information that violate applicable laws and regulations, including trademarks, privacy and employment issues.• Financial disclosures – listed firms must be particularly careful about any commentary on company performance that could impact the stock price, violate insider trading laws, “quiet periods” or other applicable security laws.• Human resource risk – whilst certain sites are a great channel for recruiting employees, they are equally a source for competitors to recruit your employees.• Safety risk – release of information about someone from the company could result in personal safety concerns.

• Competitor risk – potential loss of market share to competitors who are better able to exploit the opportunities social media offers. Social technologies extend the disintermediating power of the Internet to disrupt established models such as the migration of bricks and mortar book stores, music stores or travel agents to online.

• Brand hijacking – on the Internet there is always the possibility of a fraudulent third party hijacking the company’s brand

without their knowledge, perhaps by unauthorized use of logos, counterfeiting or other misrepresentations. Some companies actively search and pursue all usage of their company name on social media sites to address brand hijacking as well as to identify complaints and satisfaction issues.• Poor management of social business – the launching of a social business presence without any participation can be seen as negative, also if the company cannot sustain momentum or keep up-to-date.The above list is not supposed to be an exhaustive list of social media business risks as each company is unique and will need to assess the risks relevant to them, as well as determine the appropriate methods to monitor and, if necessary, mitigate the risks.Companies should develop comprehensive social business strategies and frameworks, and then ensure employees are well trained in using them. It is important to measure the changes in consumer behaviour that result, as well as top line and bottom line results, to ensure creation of real business value from social business.Finally, a parting thought. In spite of all the risks noted above, perhaps the biggest risk of all is not leveraging the opportunity that social business represents!

References:1 “Putting Social Media to Work” by Chris Barry, Rob Markey, Eric Almquist and Chris Brahm. Bain brief. http://www.bain.com/publications/articles/putting-social-media-to-work.aspx2 “The real value of on-line communities,” by A Armstrong and J Hagel of the Harvard Business Review.3 “10 of the Best Social Business Communities & Why They are Important” http://www.cmswire.com/cms/web-engagement/10-of-the-best-social-business-communities-why-they-are-important-011593.php

PETER STEWARD leads Protiviti’s Strategy and Change Management practice, based out of Abu Dhabi.

58% of companies in the UAE are using social media for

business

HALF have identified the risks

associated with the use of social media

But still….

61%of the internal audit departments of these

companies are unlikely to audit social media within the

next 12 months

Of these companies only

Source: UAE – IAA Member Poll (May 2014)

Social Media in the UAE

TO COMMENT on the article,EMAIL the author at [email protected] Social Media

Page 29: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

ABU DHABI

Al Ghaith Holding Tower, 9th FloorAirport RoadP.O. Box: 32468, Abu DhabiUnited Arab EmiratesTel: +971 2658 4640Fax: +971 2658 4641Email: [email protected]

DUBAI

Office 2104, 21st FloorU-Bora Tower 2, Business BayP.O. Box: 78475, DubaiUnited Arab EmiratesTel: +971 4438 0660Fax: +971 4438 0655Email: [email protected]

Contact Us:

Protiviti Ad.indd 1 2/16/14 1:49:08 PM

Page 30: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

JUNE 201428 INTERNAL AUDITOR - MIDDLE EAST

COMMON PITFALLS DURINGAFRAUDINVESTIGATION

BY DR. STEVEN HALL IDAY

TO COMMENT on the article,EMAIL the author at [email protected]

BY ROBIN S INGH ED ITED BY JAMES TEBBS

Fraud Risk

Experience has demonstrated that amongst the mistakes that can befall an investigation four common

mistakes in handling fraud allegations routinely occur. These pitfalls include: not investigating at all, not conducting the investigation under attorney-client privi-lege, not using independent investigators and not following a strict investigative due process.

1. Failing to investigateInvestigative inaction is one of the most serious errors management can make when faced with fraud allegations. This inaction can be the result of sheer negligence or due to a more sardonic, deliberate judgment. In many instances, organizations- particularly charitable and public-service agencies-are staffed by individuals who can’t fathom that someone on staff might exploit their shared cause for personal benefit. On other occasions, personalities and corporate internal rivalries stand in the way of ini-tiating proper investigations. No aspiring executive wants to answer for fraud that went on under their leadership.

2. Attorney-client privilegeThe law does not readily protect investiga-tive findings from unnecessary disclosure, particularly in the Middle East. An effec-tive way to protect findings from disclosure to opportunistic plaintiffs and government agencies is through the utilization of attor-ney-client privilege. This is done by having a lawyer co-lead the investigation with an “experienced” investigator. Forensic accountants and other crucial members of the investigative effort should report to the

lawyer.In a privileged environment, management can be confident it will have proper time to manage the disclosure of the sometimes dramatic findings discovered by forensic accountants. Similarly, forensic accountants may identify issues beyond the scope of the original investigation, and disclosure of these issues may not be relevant to the investigation at hand. By operating in a privileged environment, firms can address unexpected and unrelated findings without unnecessary or premature disclosure. Further, a privileged investigation can best enable the release of findings at the discretion of the party/company involved. This is far more advantageous than large scale disclosures of information which can be misconstrued by the public, the media or government agencies.

3. Engaging independent investigatorsFederal prosecutors routinely assign more credibility to investigations that are led by outside specialists rather than those conducted by in-house counsel, unless this function is independent of the line management. Furthermore, using external specialists also allows for access to the lat-est investigative techniques and technolo-gies, as well as deeper experience than may be retained in-house.

4. Following investigative due processConducting any investigation requires a disciplined and well executed approach to ensure evidence is gathered, securely main-tained and correctly interpreted.

For example, voice recording interviews is not permissible under certain state laws in the United States also in other coun-tries (including countries in the Middle East unless it is done with the consent of the interviewee in good faith). There are several high level mistakes investigators make while conducting interviews and taking statements, including making sure the correct procedures are adhered to, or making sure statements are accurate and reliable. Furthermore, investigators need to ensure they conduct interviews in a logical sequence – for instance interviewing a suspect after finishing interviews with the witness. Another example is working on copies of evidence rather than on the orig-inal evidence itself. This brings the issue of tampering with evidence into question in the fact that the investigator has altered that evidence since it was collected and it will not be in its original form if it were to need to be looked at again or used in court.

ConclusionFraud is clearly undesirable, and having to investigate them can be costly and a drain on corporate resources. The findings can be embarrassing and expensive to a company in the short term. However, avoiding the mistakes mentioned above will assist in making sure that a company or client never makes a far more costly and embarrassing appearance in legal courts for failing to conduct a proper investigation, and may help to avoid negative public perception.

ROBIN SINGH, MBA, MIT, CFE, CFAP is Senior Ethics / Fraud Control Officer at Abu Dhabi Health Services Company (SEHA).

Page 31: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

© 2

014

Erns

t & Y

oung

. All

Rig

hts

Rese

rved

.Laptops, smartphones, the cloud — your data gets around. And the more it travels, the more it’s at risk. EY’s Information Security team has an answer for every threat, a solution for every vulnerability. Information technology is always changing. Make sure your security can keep up. What makes us different is that we see things differently. You will, too.

Visit ey.com/mena

�EY�Abu�Dhabi�have�moved�offices�to�Nation�Tower�2,�Corniche.�

Security�threats�come�in�many�varieties.�Your�security�should,�too

Page 32: UNE INTERNAL AUDITOR - MIDDLE EASTinternalauditor.me/IA-eng-june14/files/res/downloads/...UNE INTERNAL AUDITOR - MIDDLE EAST 3 INTERNAL AUDITOR MIDDLE EAST JUNE 2014 FEATURES DEPARTMENTS

JUNE 201430 INTERNAL AUDITOR - MIDDLE EAST

Who Audits the Auditor?IntroductionOne of the common questions faced by internal auditors is: “Who audits the auditor?” Internal Audit examines many parts of the organisation, so it is only natural that the quality of Internal Audit itself should be reviewed from time to time. Internal Audit is covered by the International Professional Practices Framework issued by the Institute of Internal Auditors globally.

What is Quality?Quality is not absolute. The quality of a product or service is the degree to which the product or service meets the customer’s expectations — the degree of conformance. Internal Audit needs to be fit for purpose to provide the service expected by the Audit Committee, the Chief Executive Officer and top management.

Delivery of a quality product or service does not just happen – it needs to be managed. Quality management involves an ongoing effort to identify what good quality looks like and to ensure it is being achieved consistently. Periodic review by an independent assessment team can assist Internal Audit on the Path to Quality (Institute of Internal Auditors Practice Guide Quality Assurance & Improvement Program).Where does your Internal Audit function rate on the Path to Quality? Please refer to the diagram shown above.

Quality Assurance and Improvement ProgramStandard 1300 requires Internal Audit to develop and maintain a Quality Assurance and Improvement Program that includes:• OngoingInternalAssessments,forexample: - Working paper reviews. - Actual versus budgeted analysis for time spent on internal audit engagements. - Audit feedback forms from management after each internal audit engagement. - Performance evaluations. - Results of Internal Audit performance measures.• PeriodicInternalAssessmentstobe performed annually: - Review of the Internal Audit Charter for conformance with the Standards. - Self–assessment of conformance with the Standards

• ExternalAssessmentsperformedatleastonce every 5 years by a qualified, inde-pendent assessor or assessment team from outside the organisation.

Why have an External Assessment?An External Assessment is a comprehen-sive review that examines Internal Audit for such things as:• ConformanceofInternalAuditserviceswith the manatory IIA guidance.• ExpectationsofInternalAuditservicesexpressed by the Audit Committee, the

Chief Executive Officer and top manage-ment, and whether these are being met.• Skills,knowledgeandexperiencewithinInternal Audit.•WhetherInternalAuditaddsvalue.• Opportunitiesforimprovement.

It is a way of proving to the Audit Com-mittee and top management the value that Internal Audit is adding to the organisa-tion. It can also harness the experience of the independent assessment team to share insights gained from other Internal Audit functions.The External Assessment process usually includes confidential discussions with Audit Committee members, the Chief Executive Officer and top management to obtain their perceptions of Internal Audit’s performance. It can also include confiden-tial surveys of middle management and benchmarking against other Internal Audit

Beyond Conforming

Conforming

Non-Conforming

Leading

Leveraging

Conforming

Emerging

Beginning

Path to Quality(Maturity Model) Scale

Innovates Best PracticesStrategic PartnerLeader in IA Profession

Emphasizes Best PracticeAnticipates ChangeExpanding Roles

Generally ConformsExternal AssessmentContinuous Improvement

Partially ConformsSelf AssessmentAction Plans

InnovatesDoes Not ConformNew Internal Audit Activity QAIP

Fostering Fundamentals TO COMMENT on the article,EMAIL the author at [email protected]

BY UMAIR KADIR ED ITED BY ANDREW COX

functions in similar industries. An assessment of Internal Audit maturity by the assessment team can also be included.

ConclusionAbove all, an Independent External Assessment promotes a culture of professionalism in the Internal Audit Function by: • Scrutinizingitsactivitiesthesamewayasitaudits other parts of the organisation.• AssessingconformancetomanatoryIIAguidance.

UMAIR KADIR, ACCA, CIA is Manager Internal Audit at Burj Bank Ltd in Pakistan.


Recommended