A recent internal audit at VW in response to the scandal revealed that that Bosch (the company that supplies electronics to the auto industry) warned VW only to use the cheat mode internally back in 2007, and that a whistleblower tried to raise the alarm internally in 2011.
You can read more about this at http://arstechnica.com/cars/2015/09/report-vw-was-warned-about-cheating-emissions-in-2007/
As per Marvell’s SEC filing Audit Committee of the Company’s Board of Directors is conducting an independent investigation to review certain revenue recognition issues in the second quarter of fiscal 2016 and any associated issues with whether senior management’s operating style during the period resulted in an open flow of information and communication to set an appropriate tone for an effective control environment. More specifically, the investigation has focused on the approximately 7 to 8 percent of revenue recognized in the second quarter of fiscal 2016 that, based upon the original customer request date, would have been received and earned in the third quarter of fiscal 2016 and is now no longer available for receipt in that quarter.
As internal auditors this is one area which of perpetual risk given the pressure management at all levels has to meet revenue targets.
Source : http://www.theregister.co.uk/2015/09/11/marvell_earnings_delay/
Principal Chief General Manager”
You can watch the video here http://ed.ted.com/lessons/how-art-can-help-you-analyze-amy-e-herman.
This method could also be used as a tool to help internal auditors be better at their jobs and help them see the whole picture or the bigger picture.
A big challenge while training internal auditors is how does one teach the softer analytic and investigative skills that are required to make a good auditor. Case studies can only take one so far, since they only teach how one should reach in situations similar to the case study.
In the past while working with new staff who has joined the audit function from the business you are always faced with a problem of how to teach them to ask the right questions and tailor their approach for the situation they are in. When we cannot teach this skill effectively, the amount of rework and review points go up. Along with this the frustration levels also go up.
As a young auditor you learn to anticipate the type of questions your manager always asks and ensure you have those aspects covered. This ensures that the audit review is smooth and there isn’t too much back and forth between the auditor and the auditee.
However, this approach limits the effectiveness of the audit to the approach of the person managing the audit and may leave the organisation vulnerable to risks on the ground which the auditor didnt pickup during fieldwork due to lack of skills.
I think we could look at techniques used to analyse art as another way to train audit staff. Some of the techniques are http://www.getty.edu/education/teachers/building_lessons/formal_analysis.html
Ensuring that you can run your business and service customers after a business disruption is critical. The business disruptions don’t have to as big as a magnitude 9 earthquake however its impact on the business can be similar, especially in a Start-up enterprise.
In the initial phases when you are developing your product and working with limited customers it is important to ensure you have thought about things that can go wrong and disrupt your business. Examples of these could be:-
– disagreements between co-founders or some co-founders leaving (case of Housing.com )
– leaving of a critical employee
– unable to hire the right skill sets when it is time to scale up
– crashing of computer/harddisk with key piece of code/website
– unexpected competition from new or established players
– A key vendor backing out
The founders should spend time to review their business practices, infrastructure and business relationships to ensure they are aware of any critical points of failure (which in a start-up maybe all!!!!) and look at possible backup plans they can formulate before hand to ensure they don’t too many crisis to manage. They could even have someone from the outside do a quick review to ensure they are covered all angles.
Especially, when we realised today that the person who was arrested had taught my daughter to skate a couple of months back! Imagine how close she came to an incident like this!
The articles have talked about how there have been complaints about the person in the past and because of this he was let go from another school. This made me sit up and think, don’t schools do background checks of their employees much like a lot of companies do? (A background verification will confirm a person’s identify, education qualification and past employment history).
Looks like this may not be a common practice outside the Financial services domain where it is regulated by foreign regulators and Indian companies are forced to comply.
I think its time we as parents start to force schools to adopt these practices, as India starts to replicate western culture more and number of instances like these rise.
From a school’s point of view, having this process makes a lot of sense as the success of a school is based solely on its reputation and once such instance can close you down. I believe ICSE board may consider to do that as per this article – Vibgyor School Rape case; ICSE Board to derecognize the school?. I am sure spending a few thousand rupees per person is better than risking such an incident.
Background verification plays an important role in other areas also, like when you hire someone to work at your house, sending your child to a class etc. And we ensure we do it to an extent in most cases either informally by talking to people we know or a more formal police check.
So if we do it for the help we hire at home should we not ensure that the school does it for the teachers who interact and take care of our child for most of the day?
I am already asking about this at the school my daughter goes to.
This got me thinking about hiring for Internal Audit. Given the importance of the function and the absolute need to have skilled staff, how do audit functions ensure they get the right people.
Having hired for a number of years now in India, I can tell you its a challenge to get right people. One needs to assess if the person understands risk and controls, can the person write up and issue can he/she negotiate the issue with senior management, will the person be a self starter who can really dig into a process to find issues or will he just do the minimum to complete the documentation, is she a quick learner?
So how do you ensure you get the super star auditor every time? Well you rely on the resume, ask questions maybe get a case study completed, check reference. All good practices.
But do we have controls in place to take care of the human factor? Which forces us to make compromises when there are multiple forces pulling the hiring manager. I am sure a lot of you reading this will be thinking that in your company you have the right controls, and it maybe so.
However, that is not the case everywhere. A lot of times junior auditors are hired based on call taken by only one person in the team or a the candidates for the head of audit position is interviewed by peers and CEO for shortlisting.
So do we need more independence in the hiring process and how should it be brought in?
A few options are to either train HR to interview internal auditor on functional aspects so that they question the audit team if a good candidate is not selected or you take outside help.
Do you agree?
Being an auditor, I was interested to learn about things that can go wrong and found this one articles (5 Common Startup Mistakes That WIll Sink You Later) on mistakes that start-ups make. Except for the last point about building the right processes and controls all other topics are have been covered to death by most other articles that I read.
Also, why should you think about boring things like processes and controls? Especially when starting something on your own was about breaking free and not worrying about them in the first case! Well, having controls and good processes are as important as having a good foundation for your house. If the foundation is not right you would have problems in future which will be very expensive to fix or may take the whole house down.
- There is no revenue leakage i.e. you are making sure all the work/product/services done for the customer is getting converted into rupees or seen as a value add by the customer. This is one of the most important control in even the most mature organisations who struggle to ensure customers are being billed for everything. For a start-up this is even more important as in the initial phases we are struggling for every rupee.
- Structuring the company, looking at regulatory requirements, taxes etc. For example there is recent news that Flipkart maybe in breach of Rs. 1400 on FEMA (Refer http://articles.economictimes.indiatimes.com/2014-04-30/news/49523491_1_accel-partners-flipkart-online-services-cedar-support-services). Something like this if upheld can cause real problems when you want to sell your stake or go in for an IPO.
- Controlling the vendors
- Ensuring compliance’s are met on an ongoing basis
- Controls on information and customer data
- Working Capital Management
- etc. etc.
I hope I have been able to give some insight about why it is important to ensure you have the right foundation for your venture by putting in a good structure and control principals as soon as possible. These can then be expanded/evolved as the company grows.
The best option is to think about these and try and implement it yourself. You feel you need help you could work with any number of consulting firms to help you with these if you are well funded and able to spend big dollars or you could with freelance consultants like me to help you navigate these risks.