“Predict to Prevent' – Unleashing Internal Audit's Value.” – Webinar by Imran Zia
'Predict to Prevent' – Unleashing Internal Audit's Value."
"The scale and scope of risks are changing at an unprecedented pace, propelled by the increasing interconnectedness of organizations and rapid disruptions in business models and technology landscapes. Internal Audit function should transform their service delivery models to stay relevant in this ever-changing world," stated Imran Zia.
Imran Zia is the Director of Risk Management at Vancouver Fraser Port Authority, Canada. Imran has worked for multinationals, Big Four Firms, and National & International corporates. He also serves multiple professional bodies in different capacities, such as the IIA Vancouver Island Chapter, Harvard Business Review Advisory Council, ACCA's Global Forum for Audit & Assurance, ACFE's Global Advisory Council, etc. Imran has been a regular speaker at professional conferences.
Imran started his presentation by illustrating the impact of business disruption caused by technological and business innovations. There are many growth drivers that no business can afford to lose sight of to adapt, be flexible and incorporate changes in the business models.
Risk-centric versus objective-centric audit risk assessment is an emerging concept. "Risk registers and heat maps don't depict residual risks since they are not linked with the company's strategic objectives. Photo frame risk management is an illusion; the conventional High, Moderate, and Low-risk ratings are outdated. Auditors should move to the Risk universe from the Audit universe to be effective," said Zia.
The way forward is instead of looking at the audit universe, the company's objective register should be used for audit planning. Risk management should be a dynamic real-time process. Reporting the effectiveness of the company's internal controls alone will not suffice, and auditors should compare residual risk status with the risk appetite.
"Are we providing the right assurance?" was the challenge for internal auditors. The three approaches are: To start big by conducting an enterprise-wide assessment based on potential fraud risk exposure, a Targeted approach to identify the highest risk areas with known internal controls gaps, and Pilot a selected focus area for later rollout.
"Staff for the audits we perform not perform audits based on the staff we have. If the business risks are changing, we need to change the skills at that speed. Constantly check whether audit engagement is adding expected value," Imran stated as he explained internal audit planning. Value is what the customer places value on, not what an internal audit would like to consider valuable.
"Imran, in his presentation, covered the entire gamut of internal audit's current discussion points and provided valuable recommendations. He dealt with some serious questions for auditors to explore or retrospect, such as whether we are looking for value at the wrong places, audit where risk is going to be, not where it has been, internal audit reputation, and the right way of reporting. Having worked in Qatar, he could bring Middle East perspectives very well. The presentation was beneficial to members," said Sundaresan Rajeswar, a Board member who coordinated the event.
Girish Jain, the Seminar chair, welcomed the gathering and handled the Q&A session, and Aisha Rafique was the liaison with the speaker. Over 100 members attended the event. For more information on the webinar, please get in touch with the IIA at seminar@theiiaqatar.org
***********