IIA April 2010.pdf - UAE IAA
IIA April 2010.pdf - UAE IAA
IIA April 2010.pdf - UAE IAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
4 March 2010<br />
12 March 2010<br />
th O n 1 November, 7 a half-day course on Quality Assurance and Improvement by Andrew Cox was held in Dubai. The same<br />
was held on 24 th November in Abu Dhabi. Andrew Cox is acknowledged as a leader in quality assurance and improvement<br />
of internal audit activities in organisations, both in the private and public sectors. The course focused on how quality<br />
assessments can raise the profile of the IA Department with chief executives and audit committees. It also honed in on<br />
preparing an independent quality assessment, self-assessment for the IA Department followed by an independent validation.<br />
Visuals from the event…<br />
It got its name because its founders got<br />
started by applying patches to code<br />
The name came from the river Adobe written for NCSA’s httpd daemon. The<br />
Creek that ran behind the house of result was ‘A PAtCHy’ server - thus,<br />
founder John Warnock.<br />
the name Apache.<br />
but an abbreviation of San<br />
Francisco. The company’s logo<br />
reflects its San Francisco name<br />
heritage. It represents a stylized<br />
Golden Gate Bridge.<br />
Packard tossed a coin<br />
to decide whether the<br />
company they founded<br />
would be called<br />
Hewlett-Packard or<br />
Packard-Hewlett.<br />
16 March 2010<br />
By: Andrew Cox<br />
boast about the amount of<br />
information the search-engine<br />
would be able to search. It was<br />
originally named ‘Googol’, a<br />
word for the number represented<br />
by 1 followed by 100 zeros. After<br />
founders - Stanford graduate<br />
students Sergey Brin and Larry<br />
Page presented their project to<br />
an angel investor, they received a<br />
cheque made out to ‘Google’.<br />
Moore wanted to name<br />
their new company ‘Moore<br />
Noyce’ but that was already<br />
trademarked by a hotel chain,<br />
so they had to settle for<br />
an acronym of INTegrated<br />
ELectronics.<br />
The Evolution of Internal Auditing<br />
The evolution of how internal audit determined what it would audit can be tracked in Table 1.<br />
Then (up to the 1990s)<br />
• Areas for internal audit identified on a functional<br />
basis from historic information.<br />
• Set of one-dimensional risk factors applied<br />
(high, moderate, low).<br />
• Input into a model and prioritization based on risk<br />
rankings.<br />
• 3 or 5 year strategic internal audit plan based on risk<br />
rankings.<br />
• Annual internal audit plan based on available<br />
resources. Presented to the audit committee (but<br />
not always).<br />
Apple Computers<br />
Favourite fruit of founder Steve Jobs. He<br />
was three months late in filing a name<br />
for the business, and he threatened to<br />
call his company Apple Computers if the<br />
other colleagues didn’t suggest a better<br />
name by 5 o’clock.<br />
of accessing email via the web<br />
from a computer anywhere in<br />
the world. When Sabeer Bhatia<br />
came up with the business plan<br />
for the mail service, he tried all<br />
kinds of names ending in ‘mail’<br />
and finally settled for Hotmail<br />
as it included the letters “html”<br />
- the programming language<br />
used to write web pages. It was<br />
initially referred to as HoTMaiL<br />
with selective upper casings.<br />
Executive Summary<br />
• The mandate for internal audit contained in the internal audit charter.<br />
• What the audit committee and management want internal audit to do.<br />
• T whom the chief audit executive (head of internal audit) reports.<br />
• The capability and skills of the internal auditors.<br />
• Any legislative or regulatory requirements of internal audit.<br />
Introduction<br />
Internal auditing is an evolving profession. It has been around for a very long time, probably since<br />
the pharaohs in Egypt. But it wasn’t until 1947, when the foremost professional body for internal<br />
auditing, the Institute of Internal Auditors (<strong>IIA</strong>), was formed that internal auditing was set on its<br />
path to emerging as a profession.<br />
Subsequently, professional standards and a code of ethics for internal auditing have been<br />
established and in 1974 professional certification for internal auditing was created, with the<br />
designation Certified Internal Auditor. Over time, the scope of internal auditing has changed<br />
significantly.<br />
Advantages Disadvantages<br />
• Often cyclical (every year). • Done in isolation of the business.<br />
• Well known to internal • Time-consuming.<br />
auditors.<br />
• Focus on functional areas.<br />
• Safe approach.<br />
• May not be timely, relevant or<br />
responsive.<br />
• Correlation between risk rankings<br />
and internal audit plan often weak.<br />
• Assumed a static organisation.<br />
Today fraud is a key buzzword among and assessing risks involved in achieving the execution of controls will do so<br />
corporations (big and small) and compliance an entity’s objectives.<br />
responsibly and to the best of their<br />
professionals alike. Recent large fraud<br />
ability. While this assumption may be<br />
cases are often used to build a business iii) Control Activities are the policies and correct during an internal control risk<br />
case for spending large amounts of money procedures that enforce management’s assessment, it does not hold good while<br />
in implementing a Control Framework. directives.<br />
assessing fraud risks.<br />
Surveys such as the ACFE 2008 Report<br />
to the Nation show that implementation iv) Information and Communication, which An individual breaching his fiduciary<br />
of a control framework has a measurable allows the exchange of information in responsibilities is an Occupational Fraud!!<br />
impact on the organisation’s exposure the right quantities and to the right<br />
to fraud. The survey revealed that persons across the organisation A key differentiator between Internal<br />
organisations that implemented anti-fraud<br />
Controls and Anti Fraud Controls is the<br />
controls suffered much lower losses than v) Monitoring is the process that assesses Human Element. Failure to assess the<br />
organisations without anti fraud controls. the quality of the Framework over a Human Element can cause frauds to<br />
Though many Control Frameworks period of time.<br />
happen in organisations that otherwise<br />
were developed and propagated over<br />
seem to have a robust and comprehensive<br />
the years, the most commonly applied Generally, Corporations build their Anti- internal control framework.<br />
Control Framework is the one developed Fraud controls on the principles of the<br />
in the early nineties by the Committee Of COSO framework. To do so, organisations Before addressing how to prioritize fraud<br />
Sponsoring Organisations of the Treadway first identify fraud risks and prioritize risks, let’s understand why do people<br />
Commission, better known as the COSO them according to risks that matter the commit fraud?<br />
Framework (“COSO”). COSO identifies most. Prioritization is generally done<br />
5 components, which when integrated by assessing the impact and likelihood of One of the best theories on why people<br />
and operating in all business units, will an inherent risk. Impact is the extent to commit fraud was given by Mr. Donald<br />
help establish an effective internal control which the risk, if realized, would impact the Cressey in his book “Other People’s<br />
framework. These 5 components are: organisation. Likelihood is the probability Money” . As per this hypothesis, fraud<br />
of a risk occurring over a pre-defined time occurs when an individual has:<br />
i) Control Environment, which sets period which is generally the organisation’s<br />
the moral tone of the organisation, planning horizon.<br />
a. A non sharable financial problem<br />
influencing the control consciousness of<br />
the organisation and is the foundation While prioritizing risks on impact and b. Perceives an opportunity to resolve<br />
upon which all other components are likelihood, it is generally assumed that the situation<br />
built<br />
individuals will honour their fiduciary<br />
responsibilities to the organisation. In c. Has the ability to rationalize his misdeed<br />
ii) Risk Assessment involves identifying other words, people entrusted with even before committing them.<br />
6 March 2010<br />
A company’s IT (Information Technology)<br />
organisation is no stranger to scrutiny when it comes<br />
to corporate responsibility and sustainability.<br />
As a major consumer of electricity in many<br />
organisations and a significant producer of<br />
waste electronics, IT has been among the<br />
first to come under pressure to better<br />
manage energy consumption and to<br />
“reduce, reuse, and recycle” in<br />
order to improve efficiency and<br />
lessen environmental impact.<br />
Fortunately, in improving its sustainability opportunity to improve its financial<br />
performance, IT has had a lot of low-hanging performance while jumpstarting green<br />
fruit to choose from, including server change throughout the larger organisation<br />
consolidation, application rationalization, as well as reducing environmental impacts.<br />
procurement of energy-efficient hardware,<br />
better printing policies, and even simple The areas where IT can address<br />
behavioral changes such as having people sustainability issues directly are through<br />
turn off the lights and shut down their its acquisition, usage and disposal policies.<br />
desktop computers at night. Electronic Consolidation and virtualization initiatives,<br />
components consume substantial amounts for example, have generated advantages<br />
of electricity and produce significant in terms of cost and operational efficiency<br />
amounts of heat – not to mention that and also led to a reduced impact on the<br />
they often contain heavy metals and other environment as utilization rates reduce<br />
toxins that pose disposal issues. Clearly, energy consumption. Beyond virtualization,<br />
IT must play a big part in going green, if a as new equipment is brought in as part of<br />
company is to be effective at it.<br />
the move to denser blade configurations<br />
and 64-bit architectures, or simply to<br />
A competitive advantage<br />
provide additional capacity, organisations<br />
Responding to a growing wave of will also benefit from advances in processor<br />
investor activism, consumer demands efficiency.<br />
and regulations around environmental<br />
sustainability, companies are looking for The Green Data Center at the Core of<br />
ways to gain a competitive advantage Green IT<br />
by adopting green business practices. IT<br />
can be a catalyst for realizing short and Finance, IT and business unit executives<br />
long-term business benefits through the in large companies around the world<br />
implementation of green approaches. have come to embrace environmentally<br />
Green IT thus can offer a company the sustainable business practices that are<br />
10 March 2010<br />
14 March 2010<br />
By: Vishal Thakkar<br />
global financial upheaval of the past two years has seen many<br />
commentators questioning the value of audit.<br />
While attention has naturally been most focused on the large<br />
end of the audit profession, which is involved with the banks and<br />
other major financial institutions, there are also important issues<br />
at the smaller end of the audit market. Given the removal in<br />
recent years of the statutory audit requirement for many entities<br />
with turnover below £6.5m, audit is increasingly a voluntary<br />
exercise in this sector and so needs to demonstrate the value it<br />
brings to business.<br />
In its new policy paper, entitled Restating the Value of Audit,<br />
ACCA argues that against this backdrop of change, it is vital<br />
for the accountancy profession to re-examine the role of audit<br />
and to question whether a sufficiently strong case is being put<br />
forward for the benefits that audit can provide to businesses, the<br />
economy and society. We f irmly believe that audit has a key role<br />
to play as a source of public confidence in financial reporting but<br />
note that there is currently little published research, which seeks<br />
to demonstrate the value of audit in promoting business trust.<br />
http://www.accaglobal.com/page/3305046<br />
our new survey shows, CEOs continue to work to strengthen<br />
their organisations whilst seeking opportunities emerging from<br />
structural shifts in their industries, economies and regulatory<br />
environments.<br />
The 13 th Annual Global CEO Survey offers an up-close look at<br />
how business leaders have responded to the challenges brought<br />
about by the recession, the concerns they are facing today and<br />
their strategies for positioning their companies for the long-term.<br />
The recession in developed nations was the worst many CEOs<br />
had ever experienced. The resulting rupture to business planning<br />
and operations was clear in our survey of 1,198 business leaders<br />
from around the world for the PricewaterhouseCoopers 13th<br />
Annual Global CEO Survey. Business leaders are emerging with<br />
a healthy respect for risk, volatility and flexibility.<br />
http://www.pwc.com/gx/en/ceo-survey/download.jhtml?WT.<br />
ac=flash_01-2010_ceo-survey-hp_download<br />
changing their IT practices in an effort<br />
to save money, improve performance<br />
and lessen their impact on the physical<br />
environment.<br />
For example, Marriott International’s<br />
efforts to lower its IT power consumption<br />
over the past few years have not only<br />
resulted in greener and more sustainable<br />
IT operations, but also serve as a risk<br />
mitigation tool. Their data centers are<br />
protected from nature, nuclear attacks and<br />
electronic eavesdropping, amongst other<br />
IT threats because of their location. The<br />
company has built a data center 300 feet<br />
below ground, in a former Pennsylvania<br />
mine. The mine maintains an ambient air<br />
temperature of 53 degrees Fahrenheit.<br />
In addition, virtualization software from<br />
vendors has helped the hospitality giant<br />
reduce its server population by more than<br />
one-third over the past three years. Storage<br />
virtualization and archiving technologies<br />
have enabled the company to slash its<br />
storage energy costs by more than 50%<br />
over that same period.<br />
we are likely to reflect on just how dramatically it changed the<br />
corporate landscape. Not only will it have sent some mighty<br />
business names to the wall, it will also have been responsible for<br />
fundamentally changing the way the business world operates.<br />
One such example may be in the way that corporate value is<br />
determined; will financial measures still be used in isolation as the<br />
measure of business value? This approach will soon be challenged,<br />
claims Rodger Hill of KPMG Advisory.<br />
The days of purely measuring business performance by financial<br />
result may well be numbered. In its place discerning investors will<br />
look for something broader to measure an entity’s real contribution<br />
and performance.<br />
That something could be in the shape of the “triple bottom line”;<br />
an amalgam of financial results and an assessment of the social and<br />
environmental impacts of a business. Or, when stated differently:<br />
People, Planet and Profits.<br />
http://www.kpmg.com/Global/en/IssuesAndInsights/<br />
ArticlesPublications/Press-releases/Pages/Press-release-<br />
Introducing-the-triple-bottom-line-1-Mar-2010.aspx<br />
About the Author:<br />
Vishal Thakkar is a qualified<br />
Chartered Accountant and Certified<br />
Internal Auditor. He is currently<br />
working with Group Internal Audit<br />
department of Dubai World and can<br />
be contacted at<br />
vishalkthakkar@yahoo.com<br />
…Going Full Blast…<br />
4<br />
<strong>UAE</strong>-<strong>IAA</strong> Past Events<br />
Course on Quality Assurance<br />
and Improvement<br />
Message from the President<br />
On behalf of the <strong>UAE</strong> Internal Audit Association’s Board of Governors, I wish<br />
to extend a warm welcome to all the delegates to the 11 th Annual Regional Gulf<br />
Audit Conference in Abu Dhabi. Our theme for this year is ‘2010 and Beyond’,<br />
and we urge you to join us in “going full blast” in enthusiasm, as we start the<br />
implementation of programs and planned activities for this still challenging year.<br />
Firstly, we encourage you to optimize your learning and networking opportunities<br />
during this conference by actively participating in the pre-conference workshops on<br />
Day 1 and the main conference sessions, which will cover topical issues impacting<br />
our profession. We are fortunate to have with us as keynote speaker, our <strong>IIA</strong><br />
Global President, Mr. Richard Chambers.<br />
You are also invited to participate in the Global Internal Audit Survey, which opened<br />
on March 15, 2010 and is available in both the <strong>IIA</strong> and <strong>UAE</strong>-<strong>IAA</strong> websites. The<br />
survey is expected to be completed by over 15,000 internal auditors from around<br />
the globe, in more than 20 languages. Results will provide insight into emerging<br />
issues and trends, as well as developments and changes within the profession. We<br />
are pleased to have set another milestone at the Institute by successfully providing<br />
an Arabic translation for this survey.<br />
As we ended the first quarter, we near the completion of a Memorandum of<br />
Understanding with the American University of Sharjah, to initiate cooperative<br />
agreements with educational institutions in the <strong>UAE</strong> / Region. In February, we<br />
were also privileged to have shared our programs and experiences with <strong>IIA</strong> Saudi<br />
Arabia when they visited us for a benchmarking exercise.<br />
As we progress on in 2010 and beyond, we set up a dedicated staff to better<br />
provide the services of the Institute. Once again, we request your wholehearted<br />
support in achieving all our plans and objectives.<br />
Abdulqader Obaid Ali<br />
President<br />
<strong>UAE</strong>-<strong>IAA</strong><br />
<strong>April</strong> 2010<br />
Board of Governors<br />
<strong>UAE</strong>-<strong>IAA</strong> Chapter<br />
President:<br />
Abdulqader Obaid Ali<br />
abdulqader.obaidali@dubaiworld.ae<br />
Board Members:<br />
Abdulrahman Al Hareb<br />
abdulrahman.alhareb@dubaiholding.com<br />
Abdulrahman Ba Saeed<br />
abdulrahman.basaeed@dubaiworld.ae<br />
Adnan Zaidi<br />
adnan.zaidi@protivitiglobal.ae<br />
Ahmad Dahabiyeh<br />
adahabiyeh@adaa.ae<br />
Amir Gergawi<br />
amir.algergawi@du.ae<br />
Badr Mohammed Buhannad<br />
bbuhannad@dso.ae<br />
Karem Obeid<br />
karem.obeid@dubaiholding.com<br />
Khalid Halyan<br />
khalhalyan@dca.gov.ae<br />
Laila Al Humairi<br />
laila.alhumairi@gmail.com<br />
Raza Abdulla<br />
raza.abdulla@emirates.com<br />
Venkataraman<br />
venkat@habtoor.com<br />
Yaser Al Yaish<br />
yaser.yasih@gmail.com<br />
Newsletter Committee:<br />
Vishal Thakkar<br />
Dubai World<br />
Mayur Motwani<br />
Protiviti Middle East<br />
Julion Ruwette<br />
Deloitte & Touche, (M.E.)<br />
8<br />
How famous companies<br />
were named?<br />
Cisco<br />
The name is not an acronym<br />
Hewlett-Packard<br />
Bill Hewlett and Dave<br />
12<br />
Google<br />
The name started as a jockey<br />
Intel<br />
Bob Noyce and Gordon<br />
16<br />
Hotmail<br />
Founder Jack Smith got the idea<br />
What Is the Range<br />
of the Internal<br />
Auditor’s Work?<br />
<strong>UAE</strong>-<strong>IAA</strong> Events<br />
Fraud Risk Assessment: the<br />
Human Element<br />
– By: Santosh Noronha<br />
11 th Annual Regional Gulf<br />
Audit Conference<br />
How famous companies<br />
were named<br />
Green IT<br />
– By: Fadi Sidani<br />
Knowledge Update<br />
– By: Vishal Thakkar<br />
What is the range of the Internal<br />
Auditor’s Work<br />
– By: Andrew Cox<br />
6<br />
By: Santosh Noronha<br />
Fraud Risk<br />
Assessment:<br />
The Human<br />
Element<br />
10<br />
By: Fadi Sidani<br />
Green IT<br />
IT at the Core of office greening initiatives<br />
Knowledge<br />
Update<br />
Restating the value of audit<br />
The role of audit is under heightened scrutiny. The unprecedented<br />
13 th Annual Global CEO<br />
Survey<br />
The effects of the recent downturn were far-reaching, but as<br />
14<br />
Introducing the triple<br />
bottom line<br />
Once the credit crisis is firmly consigned to corporate history,<br />
Contents<br />
Editor:<br />
Manjula Ramakrishnan<br />
<strong>UAE</strong>-<strong>IAA</strong> Newsletter welcomes editorial<br />
contributions and feedback from readers.<br />
Write in to editor@iiauae.org<br />
Affliated to The Institute of Internal Auditors • 247 Maitland Avenue • Altamonte Springs,<br />
Florida 32701-4201 USA +1-407-937-1100 • Fax +1-407-937-1101 • www.theiia.org • Copyright 2008<br />
Disclaimer: It is hereby notified that all opinions, facts or views expressed in this magazine are those of<br />
the author and need not necessarily represent the views of <strong>UAE</strong>-<strong>IAA</strong>. The advertising of events, courses,<br />
products and services in this publication does not imply that they have <strong>UAE</strong>-<strong>IAA</strong> endorsement.<br />
2 <strong>April</strong> 2010 3 <strong>April</strong> 2010