IIA QATAR NEWS LETTER 2014
02
IIA QATAR NEWS LETTER 2014
03 From Editor’s desk... Month of May is the Internal Audit Awareness Month celebrated internationally. The IIA Qatar is also participating in the celebration by holding its 4th National Conference to build the awareness in the local business community about the internal audit profession. There is a small story which depict the power of awareness. One eloquent speaker was delivering his speech in a large gathering. One of the listener in the front row was unconsciously shaking his leg for a long time. This disturbed the thought process of the speaker. The speaker asked “Why are you shaking your leg like this?” Hearing the question, the man immediately stopped the action.
We, as internal auditors with our independence and objectivity are in an advantageous position to evaluate the business processes and raise sensible questions to make the process owners aware about the actual activities and facilitate them to have a rethink. By this simple step, we also make our customers aware about our capability to contribute to the achievement of their objectives. Let us be aware of what we do and what others see in us. Let us be aware whether we are close to the benchmarks and guidance set by our Institute. Let us be aware if we really add value with our existence. Let us spread the awareness, but start it from within ourselves. Be proud to be an Internal Auditor.
The Speaker said “I did not ask you to stop your action, I only asked why you are doing this“ The man said, “I was not aware about the action, neither did I realize that it distracted you from your speech. But it is interesting to know that the moment I became aware, the activity stopped by itself.” What we learn from this story is that the mere awareness of what we do can make significant difference in how we serve.
Murali Krishnan Chairman Communications Committee Web administrator
IIA QATAR NEWS LETTER 2014
04
ARE WE ON TRACK?
Hassan Al Mulla
The 4th National conference with the theme “ARE WE You are invited to join over 300 of your fellow chapter ON TRACK?... Towards Achieving Qatar National Vision� members and leading delegates from versatile is intentionally made content heavy and comprehensive. professions around the world. This will be a unique golden opportunity for you to revitalize and rejuvenate There was some catching up required for enhancing your skill set and professional arsenal. learning opportunity for internal auditors. The awareness that internal audit is a significant profession It is not only to learn something new from speakers but of the future is getting the desired recognition and also network with your peers. Internal audit professionals limelight in Qatar. Hence 2014 conference is extensive require good networking for sharings unique experiences and stories. This creates accelearated and spans three days with possible 24 learning hours. learning processes. The conscious sourcing of speakers from around the globe who are practitioners, academicians, trainers and I look forward to meeting you. Conference committee from industry verticals was intended to get specialized and board had invested time and effort for this event of knowledge for those who value all round exposure. This national importance with august presence of visionary to me is probably the step in the right direction for our leaders country to know, understand and imbibe best practices that will transform auditors to play significant role in the Sincerely, corporate value creation as well as value preservation. The conference theme drives the compelling requirements of the profession to become business enablers by facilitating effective Governance, Risk management, and Compliance. It envisions the role of internal auditors to enable and ensure transparency, reliability, efficiency and effectiveness of business decision making while achieving QVN 2030.
IIA QATAR NEWS LETTER 2014
Hassan Al-Mulla President - The IIA Qatar
05 Conference Committee Chairman’s Message
enhance our business acumen and leadership development. Through interesting presentations, panel discussions and workshops we will deliberate on the requirements the QNV 2030 place on us, and identify how we as Auditors and Accounting professionals will be able to add value throughout the process of goal setting, monitoring and service delivery. I would like to encourage a broader participation and support. We are indeed proud of all our sponsors as they enable us to host such distinctive events. One extract from last year’s survey states: “Audit is an ideal development area for young Qatari’s before launching a career elsewhere in the company.”
I am proud to elaborate on the survey, was encouraging and it success of the IIA Qatar’s previous indicated delegates received value conferences. With each new and appreciated these efforts. conference planned and executed, the bar for excellence and This year, our conference theme is: “Are we on track... towards achieving achievement was raised. QNV 2030?” A vision, such as the The word conference originated QNV 2030 requires commitment I trust you will also receive value out from Latin and its original meaning and dedication from all citizens and of all future conferences on Internal was “to bring together”. In a sense residents to ensure the successful Auditing. We will continue to serve. the IIA Qatar does not only bring accomplishment. In our opinion, the together prolific Speakers and Internal Auditors have a great role to interesting themes and topics for play to contribute to its achievement. discussion, but we also join forces In co-operation with the Scientific with a wider array of citizens and Accounting Association and the residents in Qatar who unite behind Qatar certified Public Accountants association and under the patronage the Qatar National Vision 2030. of HE Abdulla bin Hamad Al-Attiyah, Last year’s conference had the President of the Administrative theme of “The value of an effective Control and Transparency Authority, Internal Auditing Function.” We we are indeed proud to host such believe, through this conference, a national event with resonating we enabled many Internal Auditors impact across various industries to enhance their service delivery to and professions. We really “bring Chris Adonis thought leadership, Chairman - Conference Committee their companies. The satisfaction, together” expressed through an anonymous pro-active thinking and this will The IIA Qatar
IIA QATAR NEWS LETTER 2014
06 SAFELY NAVIGATING BUSINESS RISK The general Myths and Facts about risk are: Myths: • “Avoid Risks” or even avoid talking about risks since it is a negative topic • React to risks events as they occur with short-term solutions
Sundaresan Rajeswar
• Maintain silo approach to addressing compliance and risk management
Without risk, there can be no reward. The fact is, risk goes hand in hand with the profitability and longterm growth of an organization. What keeps business in tenterhooks is to know the key risks to focus: commercial disputes, regulatory compliances, declining margins, financial structuring, fraud or revenue leakages, losses and so on.
• Compliance only generate additional cost while adding little value
Risks by and large are managed by controls within an organizations business process. It is still better to meld together risk, control and business processes that will protect and enhance the enterprise value. Managing key risks facilitate to take advantage of business opportunities
• Proactive solutions to mitigate risk and to create cost effective, repeatable and sustainable strategies
Facts: • Risk should be anticipated and is an opportunity to improve performance and competitive advantage
• Synergy between risk and compliance to promote quality and lower cost • Compliance is catalyst for overall enterprise risk management
IIA QATAR NEWS LETTER 2014
Transparency Demand
Leg
al
& R Ch egu an la ge s
GOVERNANCE
OPER
pt je ital ct s
ue Reven ce n a r Assu
Se Br curit ea che y s
ator y
E
Ca o Pr
re
E
PR
Treasur y
Cre
dit
K
RIS
IAL
FINANC
g Trad in Losses
Corporate Secur i ty
gul
on
e nu s ve ge Re aka Le
De c Ma reasi rgi n g ns
Re
T Y, C O S T, T I M
ENT
ati
l pp S u hain C y
ENHANCE
ALI
EV
tig ND
ENTERPRISE VALUE
Commer ci al g Disputes ntin cou ties Ac lar i u eg ONSE Irr RESP
Li
ER , DETECT ,R DET T, ES N PROTECT VE
PO
Vo l a t i l e E c Condi onomi tion c
Un
re
l
to
Enterpr ise Risk Ma n a g eme n t
QU
07 ry
ible pat m o n Inc tio e/ rma l b ia Info
itu nd s e p Ex un al verr t i p O Ca
AT I O N A L R I S K
Employee Tu r n o v e r
Navigating business risks safely requires careful consideration of the factors enlisted: 1. Risk based approach: This requires clear diagnosis of business problem to develop practical solution. One has to quickly and accurately identify, assess and measure risks that prevent achievement of goals. Develop clear value proposition that are practical with estimated costs and benefits to mitigate the risks. The final stage will be to design, test and roll out a solution 2. Planning a course of action: The model below gives examples of common business risks that can threaten enterprise value. The core indicates the objective: to protect and enhance enterprise value. The perimeter depicts approach to business risk solutions.
3. Remaining on course: Cost of compliance pays off because there is tight linkage between improving process, quality and time performance and strengthening of the effectiveness of internal control. 4. Event response: it is impossible to predict the future. But one can be prepared for it. Unexpected business challenges must be dealt with quickly and decisively to reduce financial risk and protect enterprise value. Examples are litigation, fraud, financial loss etc. It is important to track early warning signs of emerging threat and respond. Preparedness includes corporate security, litigation counsel, investigation ability and in-house knowledge. Not all risks are created equal. Some should be avoided completely, while others can be turned into competitive advantage. It pays to understand risks clearly and have a plan of action.
“Ship that will not sail until all dangers are over, must never put to sea� Thomas Fuller
IIA QATAR NEWS LETTER 2014
08 INFORMATION TECHNOLOGY
A platform to achieve business goals:
General Myths and Facts concerning the Information Technology are: Myths: • “Information Technology” is a business requirement to be addressed by “technologists”. • “Enterprise Architecture” (EA) conjures images of technical model and diagrams not beneficial to business.
Jijil Kumar M.J. The role of omnipresent use of technology to enable the business is felt universally with its penetration to all the major nervous systems of business like communication, data management, management information system, supply chain systems, customer relationship management etc. This enables the achievement of business goals by building a repository of information platform that can be leveraged to reduce cost and improve operational efficiency.
• IT is responsible for any new technology implementation. • Being Neutral is better.
Facts: • IT Strategy and planning no longer be conducted as a separate activity and forms part of business strategy. • EA begins with development of business architecture and is driven by business perspective. • Any new IT initiative requires a “Portfolio Management Approach” with early participation of all the stakeholders. • Being Neutral is sometimes worse. IT democratization and innovations deployed refined systems of management to deliver business value.
IIA QATAR NEWS LETTER 2014
DELIVERING VALUE THROUGH INFORMATION TECHNOLOGY ENABLEMENT
BUSINESS CAPABILITIES
Employing people, processes, data and services to drive a business outcome such as increased revenue, cost reduction, better customer satisfaction and employee productivity.
BUSINESS SERVICES
Partnering business and technology owners to improve business processes through automation or by exploiting information.
TECHNOLOGY SERVICES
Delivering, supporting and maintaining applications, en-user productivity, tools and infrastructure. Analogous to Infrastructure - and Platform as a Service (Iaas/PaaS).
RESOURCES
09
Technologies (E.g.: Networks, servers, storage, software) data, facilities, utilities, and people that can be employed to deliver services and capabilities.
Information Technology is the core platform which is relayed upon by varied layers of management in the hierarchy. Information systems extract stored datwa, process and divulge day to day operational and management information, etc.
IT is expected to play a central role in: 1. Delivering Competitive advantage: With automation and improved business process efficiency IT is expected to deliver cost reduction and accelerated operational leverage. 2. Strategic planning & detecting trends: With data mining and business intelligence analytics, IT can help predictive analysis to support the strategic decisions in business. Integrate latest technology innovations leading to refined management systems.
3. Increased efficiency & Speed with no downtime: Information system offers high level of process efficiency and organization. Ensuring Confidentiality, Availability, and Integrity with high information efficiency and effectiveness is primary. 4. Improved deliverables to customers: Internal and external customers should be served with personalized options and increased convenience. Value from Information is derived from strategic planning of information systems underpinned by enterprise architecture, a business aligned portfolio and business focused IT performance. This can be achieved only through a close working relationship between business and IT to make decisions to align business and IT strategy.
“It’s not the faith in technology. It’s faith in people.” Steve Jobs
IIA QATAR NEWS LETTER 2014
Past Events:
10
The Future of the Internal Audit Profession (April 2013) natural that impact business. Further, there are more demands from stakeholders, lower margin for error and less time to recover. Thus the management oversight activities and governance are imperatives for business success where internal audit plays pivotal role. Larry advised auditors to move beyond financial audit to be indispensable champions in the realm of GRC (Governance/Risk/Control), business insight and strategic & value advisory. The IIA’s Common Body of Knowledge (CBOK) is a research study to identify whether the auditing profession is on target with stakeholder expectations.
The Institute of Internal Auditors Qatar with Scientific Accounting Association had the privilege to host the Vice Chairman of the IIA Board Larry Harrington for a talk on “the future of the internal audit profession”. Larry is also the Chief Audit Executive for Raytheon, a $25 billion defense company in the USA. Larry started his talk founded on his research on Qatar and the internal audit profession in the country. He praised the leaders of the Country for having a vision over a longer term. “The IIA’s core purpose is to advance the profession and its value around the world. The overarching goal is internal auditors will be universally recognized as indispensable for effective governance, risk management and control” Larry stated. He reiterated that preventive and detective controls are no longer the alpha and omega of auditing, but more emphasis should be on the monitoring thereof, as that is the way auditors can help their organization to be more effective. “Auditing profession now receives more importance than ever before. Auditors should be critical success factor for business enterprises” Larry said. The key reasons he pointed out are: business has never been more global, Risks complexity and velocity continue to increase, Technological innovations are happening at high pace and there are disruptions both manmade and
IIA QATAR NEWS LETTER 2014
Leaders must be able to effectively synchronize three aspects referred to as the three C’s, Connect, Collaborate, and Communicate. Auditors should be agents for positive change with a sense of urgency.
11 Internal Audit – In the Eyes of the Regulators (July 2013) positive change and improvement”
The Institute of Internal Auditors Qatar hosted a seminar with two speakers on complimentary topics. The seminar outlined the expectations from Regulators who stressed the importance of the correct positioning of the Internal Audit function and identified the challenges relating to developments in the legislation process in Qatar pertaining IT security and protection mechanisms. The first speaker, Ewald Muller, is a Director at Qatar Financial Centre Regulatory Authority. Ewald focused on the role of Internal Audit in governance and regulation with examples from banking supervision. Referring to a study Muller said: “Internal Audit’s value will be measured by its ability to drive
Ewald stressed the importance of Internal Auditors to focus on risk based audits and importance of annual communication to the Board on their assessment of internal control. He also stressed that Internal Audit should be part of the combined assurance model along with finance, compliance, quality and other related functions. With regards to the regulatory requirements on Internal Audit, the speaker referred to Basel II promulgation that specified roles and responsibilities of Internal Audit and External Audit with respect to credit risk, market risk and the challenge to identify the unknown risks. “Internal Audit should therefore no longer be a back room occupation, but makes a positive contribution to the robustness of the business, while maintaining its independence” Muller emphasized.
respect for privacy and overall IT security and protection. The speaker referred to cyber warfare and hacktivism as existing phenomenon. “The State of Qatar has the desire to be on the foreground as there are assets and information that are critical for protection. Some of the legislations in pipeline are first of its kind in the Middle East” Samir said. He shared the business model for information security useful for auditors to ensure their organizations have a framework in place to ensure assets and information is adequately protected”
The second speaker, Samir Pawaskar, a Manager in Cyber Security Strategy and Policy at ictQatar, took the audience through the developments in Qatar relating to the legislation for the protection and control over critical information,
IIA QATAR NEWS LETTER 2014
12 CONFERENCE SPONSORS : Platinum Sponsors
Gold Sponsors
IIA QATAR NEWS LETTER 2014
13 Silver Sponsors
Bronze Sponsors
Academic Sponsors
IIA QATAR NEWS LETTER 2014
14 COMMON BODY OF KNOWLEDE IN INTERNAL AUDITING (September 2013)
conclusions from the study were, “As a profession internal audit is evolving and valued, it is believed vital to organization health and wellbeing and the characteristics of Internal audit activity will place more emphasis on corporate governance, enterprise risk, strategic reviews and ethics audit”. The Institute of Internal auditors Qatar for the first time collaborated with Qatar Faculty of Islamic Studies, Qatar Foundation for a joint seminar on “Common body of knowledge in internal auditing”. The presenter, Professor Dr. Mohammad J Abdolmohammadi of Bentley University, Waltham, USA is a very senior researcher with over 150 papers published in financial and managerial accounting, auditing and financial statement analysis. His award-winning work on external and internal auditing and ethics has appeared in over 100 journals. He has taught at Indiana University, Boston University, and the University of Illinois at Chicago. Common Body of Knowledge (CBOK) in an ongoing global research study to broaden the understanding of how internal auditing is practiced throughout the world and to analyze the state of the internal audit profession. The professor’s summary of the
IIA QATAR NEWS LETTER 2014
The professor went on to add that, the core competencies for today’s internal auditor are communication skills, ability to identify problems with solutions, stay informed about regulations and standards and understanding intricacies of business. He pointed out that only 30% of auditors have specialist certification and almost one-third of audit departments have no formal measurement of value added, which indeed deplorable and requires correction. Dr. Muhammadi pointed out the areas of improvements, which were higher compliance with standards, expanding university level education in internal audit profession and intensive post university training. Some interesting facts shared during the presentation: the 30% of the internal auditors were in the age group of 26-36, women are entering the profession in increasing numbers, more auditors have graduate degree, reporting line is to the top management and there is increase in demand for auditors
15 IT AUDIT ESSENTIALS FOR INTERNAL AUDITORS (September 2013) log reviews, system performance reports, segregation of duties audits and understanding network diagrams. “IT auditors should ask the right questions and get the right answers” Vittal emphasized.
The Institute of Internal Auditors Qatar hosted a seminar on “IT audit essentials for internal auditors” by R. Vittal Raj an assurance and management consulting expert. Vittal is a specialist in IT Governance, Information Security and Enterprise Risk Management and advises senior management on strategies on these areas. He is currently international vice president of Information Systems Audit & Control Association (ISACA) USA, a very prestigious position in the global thought leadership of the profession. Vittal started his presentation with questions that he expects every auditor to have right answers: “To what extent the business is enabled with IT? What is the role of internal auditor in protection of information
assets? Will the internal auditor be held responsible for information security incidents?” Depending on the business risk involved, due care and diligence should be applied in the audits and lapses will be construed as non-compliance to the standards. As new technologies continue to emerge, businesses are inextricably dependent on IT for the value they deliver but also are challenged by the risks of using IT. The management looks to their Internal Auditors to provide the much needed business risks assurance, hence placing demands in building competence for auditing in an automated environment.
The 7 Steps Approach to IT auditing was elucidated. The steps were: Understanding the Business, Understanding the Technology dependency, Risk based auditing, Execution of audits, Identification of control weaknesses and documenting, Reporting and communicating and Management updates and follows up. Discussions on a few IT auditing facets using real life examples and case studies facilitated better comprehension of audit methodologies.
The seminar guided auditors on the use of data analytic tools, system
IIA QATAR NEWS LETTER 2014
16 Training on data analytics for internal audit (November 2013)
IIA Qatar in association with Argon Global organized a workshop on “Data analytics for internal audit using ACL Technology”. About sixty auditors representing Banks, Government and Private sector companies received a full day hands on training with ACL data analytics software. Data analytics software solutions enable comprehensive, independent testing and monitoring of transactional data, enabling organizations to validate the effectiveness of internal controls across organizations and to meet regulatory objectives. ACL has been used very successfully by several financial and other organizations across the globe for data analysis and fraud detection. Balaji Rengarajan, a certified Master Trainer from ACL with 18 years of experience in IT audit, consulting, risk management and governance conducted the training. “Data analytics not only helps in delivering higher quality audit but the business insights through it provides can be historical, real-time or predictive. This knowledge is indispensable for today’s auditors” said Sundaresan Rajeswar, the IIA Past President who organized the event for the chapter. The training comprised of practices in how to create tables to access data, display filtered data, verify data integrity, create expressions, compare data from different systems, profile data and produce reports.
IIA QATAR NEWS LETTER 2014
17 Workshop on IT Risks and Governance (December 2013) The presentation covered emerging risks that should be evaluated by businesses to ensure the security of sensitive data by developing appropriate corporate policies and controls. The healthcare privacy laws related to clinical information, health records, and other confidentiality requirements are becoming stringent. How Merger & Acquisition impacts information security of the acquirer and the acquiring company was also stressed upon. Topical issues such as Cloud risks, Post Snowden impact, FedRAMP regulations that have relevance globally were touched upon. The Institute of Internal Auditors (IIA) Qatar held a seminar on “Emerging risks and corporate governance role in managing it” and for a full day workshop on “Technology, Governance, Risk and Compliance” which was well attended by over 75 professionals from IT and Auditors from Financial institutions, Government, Regulators etc. The presenter was Asif Siddique from San Francisco. USA. Siddique has over 20 years of experience in management consulting, enterprise risk management, establishing corporate governance, and cyber security programs. He has worked in the Silicon Valley for past 15 years and has provided leadership on various projects which include technology deployment, product development, enterprise information security and privacy control measures and compliance with global regulatory requirements. “It is imperative that Auditors understand the business, risk assessment methodologies and how IT’s role is vital and integrated. The value auditors deliver to organizations depends a lot on having the right focus.
The workshop topics included Technology Governance with specific focus on roles and responsibilities to enhance transparency and accountability in managing technology processes. The varied models of governance structures were explained with flat and thin organization charts. “The models of organizational governance structure can hardly be a standard fit, since the prevailing company culture and type of business determines what could be the best. It is important to ensure “Independence” for Information Security Officer in the governance structure” Siddique cautioned. Siddique focused on cyber security threats as well as controls and processes to develop and deploy to protect against cyber-attacks. The attendees were surprised to hear that based on research Saudi Arabia, Qatar, and Kuwait are in top 5 countries that receive the most spam Emails and phishing attacks. As spam and phishing are the most common ways for cyber-attacks to propagate within the network, the workshop also discussed how to prepare for such scenarios and take steps to minimize such incidents.
18 Seven Lessons learned from audit – a personal journey (December 2013)
Abdulqader Obaidali an Emirati national and the Chief of Internal Audit for Dubai World, and the current President of the UAE Internal Audit Association presented a talk on “Seven Lessons learned from audit –a personal journey” to the members of the institute of Internal Auditors Qatar. Abdulqader holds a Bachelor of Science in Electronic Engineering and a Master’s degree in Technology Management. He has a cumulative work experience of more than 30 years in the fields of IT, Quality, HR and Internal Audit. “A few professions have experienced as much change over the years as internal audit - a trend that is certain to continue in the future. In some ways the practice of internal audit will look different in the coming years. Internal audit will grow deeper rather than broader” Sundaresan Rajeswar, the IIA Board member remarked. “Preparedness of internal auditors in the changing world demands accelerated learning from experts who share their valuable experience. Abdulqader being a thought leader and one who championed change in the internal audit arena in the Middle East surely was the best choice” Hassan Al Mulla, the IIA president said during introduction. The first and foremost lesson imparted was related to recruiting the right staff. Ali insisted that all significant positions should be filled only after adequate background and reference checks, skills test, ensuring complete credibility of credentials and track record. “The worst selection process is a 30 to 45 minutes
IIA QATAR NEWS LETTER 2014
interview since candidates comes fully prepared” he said Auditors unfortunately portray a policeman image. This prevents developing cordial working relationship through a collaborative process. There is mistrust as a barrier. “Separate audit from fraud. These two are incompatible. Audit takes months to complete whereas fraud takes years. Handing fraud requires essential legal background as the case will move from police to investigator to court” Abdulqader stated emphasizing his experience in investigating over 450 cases of fraud. Auditors were advised to adapt advanced technology assisted data analytics and interrogation tools. Another focus area for audit is emerging threats through cybercrimes, hacking, malwares etc. that impact protection of company data. Prevention mechanisms including data classification, tested disaster recovery center and application controls, which are mandatory for every company with IT dependency.
19 Contract Risk and Compliance (March 2014)
The Institute of Internal auditors Qatar organized a seminar on “Contract risk and Compliance”. The presenter was Hossam Samy, a Principal in Deloitte Enterprise Risk Services (ERS) and is currently leading the ERS Public Sector practice in the UAE. Hossam has extensive experience in the field of Internal Audit, Contract Risk and Compliance reviews, Risk Management, Corporate Governance, and SOX compliance. Providing the context of the seminar, Hossam stated that risk consultants, are often asked how external relationships can be assessed to evaluate the level, nature, type, and magnitude of risks which are imposed upon our clients as a result of being involved in such business relationships. Contract Risk and Compliance (CRC) is a tool which allows us to identify
and assess the risks and measure the impact on our clients. This tool can be deployed as a preventive approach as well as a detective approach to identifying, and therefore, mitigating contract risks. CRC services help clients improve risk intelligence and maximize value from their external business relationships by assisting them with: • Identifying and assessing key risks associated with external relationships. • Improving confidence in and awareness of information shared between themselves and their business relationships. • Assessing the integrity of other organizations’ controls. • Verifying compliance contractual obligations.
with
• Recovery of excess costs or additional revenues.
The seminar was well received and provided a valuable insight about contract risk and compliance
IIA QATAR NEWS LETTER 2014
20 COSO Framework for Internal Audit professionals (February 2014)
The Institute of Internal Auditors (IIA) in conjunction with KPMG Qatar, organized a seminar on “COSO – the Journey beyond”. Mr. Hassan Al Mulla, the IIA President, inaugurated the seminar and talked about the changing trends in risk management and controls, due to globalization. The seminar topic was delivered by Mr. Issa Habash, Risk Consulting Partner, KPMG Qatar, who drew from his 15 years of experience in risk, controls, corporate governance and internal audit. He shared his valuable thoughts on the COSO internal control framework for 2013. Issa further added that, “While internal auditors play a key role in the system of control, Management has responsibility for internal control”
IIA QATAR NEWS LETTER 2014
While discussing the COSO framework and effective internal controls, Issa stressed on the following: • Establishing a common business risk language. • Establishment of a risk-sensitive culture. • Incorporating strategic business objectives into the risk management process; and • Providing a flexible approach to evaluating or designing business risk controls.
21 Global Internal Audit Leadership Meet (March 2014)
Richard Chambers, Chief Executive Officer of the IIA Inc. talked on the state of the IIA/ Global Footprint with the results of latest survey called the pulse of the profession. The top stakeholder expectations from internal audit are strategic business support, operational risk mitigation, assurance for regulatory compliances, reporting on risk management effectiveness and IT security.
The Institute of Internal Auditors Global council is an annual flagship event where internal audit leaders from around the world participate as a unique opportunity to shape the future of the internal audit profession. The 2014 Global Council held recently in Dubai was attended by over 200 internal audit thought leaders representing 84 nations. Hassan Al Mulla, President and Sundaresan Rajeswar, Contact Person from IIA Qatar attended. Paul J. Sobel, Chairman of the IIA Global Board in his address emphasized the future of internal audit as enablers of sustainable value. This he said can be achieved by giving confidence to the managements to take risks, by imbibing technologies and adopting the best practices related to social media and other communications.
The breakout discussion sessions with 20 diverse group compositions addressed core areas: Strategic planning, Advocacy, Reassessing International professional practice framework (IPPF) and Membership value proposition. The IIA’s strategic planning leader Anton van Wyk, Senior Vice Chairman dealt with the core purpose how to advance profession and its value around the world. He listed the trends, obstacles and opportunities and guided discussions on high priority areas, leadership roles etc. The deliberations identified challenges, needs and opportunities in the membership recruitment and retention, how auditing standards are meeting the current and evolving expectations and laid down roadmap to a coordinated advocacy plan with defined global, regional and local targets and roles.
IIA QATAR NEWS LETTER 2014
Newspaper Article Collage
IIA QATAR NEWS LETTER 2014
22
Recap of 3rd National Conference 2013
23
IIA QATAR NEWS LETTER 2014
www.theiiaqatar.org