A Panel discussion : Neeraj Kumar Sridhar Ramamoorti ... Three/Mohammed A. Siddique (10.45-12.15)...
-
Upload
dangnguyet -
Category
Documents
-
view
217 -
download
1
Transcript of A Panel discussion : Neeraj Kumar Sridhar Ramamoorti ... Three/Mohammed A. Siddique (10.45-12.15)...
A Panel discussion :Neeraj KumarSridhar RamamoortiMohammed Siddiqui
International Association of Airline Internal Auditors 10 – 13 Oct 2010, Istanbul, Turkey
Over 25 years of Internal Audit and Risk Management experienceSenior Manager , Director Deloitte , Jefferson Wells - 2004 - 2005 Senior Vice President Internal Audit – Emirates Group 1998 - 2004Chartered Accountant and Certified Internal Auditor.Canadian Representative on IIA’s Value Proposition Task Force Past Vice Chair of Canadian Council and Chair of Education Com.Past President of the IIA Dubai Chapter.Past member of the IIA Global Board of DirectorsMember of the Board Audit Committee of a major carrier
2
The governance failures, corporate collapses, the “2008 Wall Street melt down,” the Great Recession. Recently – BP, HP, Microsoft…FCPA investigationsRamifications for the economy, the community and the world. Global linkages and interdependencies of the situation
4
6
Corporate “stress” points
• What could take the organization to the pinnacle of success? Leadership
• What could bring the organization crashing down? Leaders in power
……ALL ABOUT …PEOPLE………….6
The Creation …
The End ......the riserebirth of the new and better race:
Is the corporate world following the inevitable cycle of life and death ?
8InterGovenmental Conference on Risk Management , 14,15 Sept
2010 - Conference Board of Canada
PeopleShareholder
Board Executive
VP Directors /
Management Supervisors
All Employees
Behaviors
Arrogance Anger
Passion
DishonestyGreed
Incompetence 9
10
Company Ethics Greed Competence
Arrogance
External
EarthQuake?
Barings No
Enron No
WorldCom Maybe No
FnM&FrM No
Societe G No
Arthur A No
Satyam C No
What went wrong..?
11
Company Fraud Greed BadMngmnt
Fashion Cafe
The Hit FactoryBre-X Minerals
Tucker Automobiles
Madoff
What went wrong
Were these avoidable….? Did someone know about these impending disasters?
•AICPA, CA, •CGA
• Suppliers• Customers
•External Auditors
•Regulators•Legislation
Owners,
ShareholdersBoard/Audit Committee
IA , ERM Compliance
Executive (C Suite)
12 12
• What -Greed, Arrogance, Dishonesty, Passion -root causes of corporate catastrophes?
• Why nothing has stopped the disasters?• Who can detect bad behavior before it is
too late?• What role can Internal Audit play?
Key discussion points
13International Association of Airline Internal Auditors
10 – 13 Oct 2010, Istanbul, Turkey
1. What could have caused businesses to fail in the recent past ?
2. Why are these issues continuing to create disasters in the Corporate World?
3. Is it possible to “detect” and “predict” bad behavior before it can cause huge damage?
4. Who among the “stakeholders” should be accountable for identifying behavioral issues at the C suite before these cause damage to the organization?
5. What could be done to prevent such corporate disasters?
14
12.5%
75.0%
5.5% 7.0%
Incompetence Dishonesty External Factors Other
What could have caused businesses to fail in recent years?
15
InterGovenmental Conference on Risk Management , 14,15 Sept
2010 - Conference Board of Canada
9.7% 4.7%
79.7%
6.0%
Board and Audit Committee
External Auditors Internal Auditors Other
Who would be most effective in identifying issues before its too late?
16
InterGovenmental Conference on Risk Management , 14,15 Sept
2010 - Conference Board of Canada
◦ Chairman, Enterprise One Consulting Services• Former Partner, Corporate Governance, Grant Thornton LLP• Ernst & Young, Thought Leader/Sarbanes Oxley Advisor • Arthur Andersen, Assurance Professional Standards Group • Backgrounds in Accounting & Psychology (The Ohio State University)• Accountancy faculty, University of Illinois at Urbana-Champaign• Chairman, Academy for Government Accountability, 2005-2008• Board Member: IIC, Ascend, IBPE; VP-Practice, 2 AAA Sections• Co-Chair, 2010 CBOK Global Study for IIA Research Foundation• COSO/ISACA Monitoring Guidance, IIA Textbook, The Audit Committee
Handbook, SOX 404 for Small, Publicly-Held Companies• ACA, CPA/CITP/CFF, CIA, CFE, CFFA, CFSA, CRP, CGAP, CGFM, CICA, FC
PA
+ Acting CFO for FlyDubaiCFO of Sri Lankan Airline for over 5 yearsChartered Accountant and Certified Internal AuditorFounder-President of the IIA Dubai ChapterFounder-President of ISACA’s UAE chapterEx-Chairman & Founder Member of the International Association of Airline Internal Auditors (IAAIA)Recipient of IIA UAE’s first-ever Lifetime Contribution Award Believes that understanding human nature is at the very heart of risk management
Sunbeam Fannie Mae/Freddie Mac Waste Management Cendant AZ Baptist Foundation HealthSouthEnron AIG WorldComAhold Adelphia VivendiTyco Parmalat XeroxSatyam Computer Global Crossing Societe Generale
Stock Options Backdating, Financial Statement Re-Statements, Wall Street Financial Meltdown = Lehmann, Goldman Sachs;Madoff, Stanford scams, etc.
(a disturbing sample!)
21
how to grant managers enormous discretionary power over the conduct of the business while stopping them from misusing that power…..
Result : The Boards, C-Level Suite, Professional Gatekeepers, Politicians, Legislators, Regulators, Standard-Setters, Financial Analysts, Media, Academics, Public…
How is this working……? Governance in good times produces a “halo effect”…
22
• Recent tales of Fraud, CG Failure and Folly–
• To the extent that:excessive risk taking (e.g., subprime crisis) can lead to massive losses, business failure or bankruptcy (no one knew, it’s someone else’s fault)executive stock options seem to be perversely implemented (i.e., we’re paid like rock stars and we’re worth it) it is difficult to assign culpability, hence no accountability (didn’t know or understand, can’t remember except to take the Fifth!, plausible deniability)a corporate governance issue arises in that ineffective Board oversight of management can be inferred (“money for nothing”)
KEY QUESTIONDo internal auditors recognize that almost all these
matters involve behavioral and integrity risks?
• Poor ERM/Governance Linkage: “The 'quants' knew of the risk, and [they] calculated it, but the businesses are more powerful than the quants…the good times were going and the commissions were flowing, even if [financial] models were showing risk.” (C. Marrison of Risk Integrated, 2008)
• Financial models can’t catch poor underwriting! "Lenders were making loans without documentation, without verification of income and on data sets that had no performance history behind them…Often, the underwriting did not correspond to the model”(Pam Martin, Risk Management Association, Philadelphia, 2008)
“Where is that moral compass that you need to hold back?" (Pradyot Samanta, S&P)
“It is hard to make a man understand something when his living depends on his not understanding it”
(Upton Sinclair, 1903)
Understanding Perfect Storms: Whole host of inter-dependent risks materialize in concert at the same time…all “checks and balances” failIt’s not Just the Auditors: Auditing profession was blamed when Enron/ WorldCom happened, but what about other capital market participants?Congressional interference with option expensing rules, conflicted legislators, financial analysts and rating agencies, Board audit and compensation committees, poor ERM linkage to governance within enterprises, non-existent and weak regulatory oversight, FASB standards allowed non-consolidation of SIVs, VIEs, QSPEs (e.g., FIN 46R as amended), media hype, and a fickle, indifferent public… “What’s not on the balance sheet is not usually audited!” (Who audits executive compensation? Esp. stock options) “On the Folly of Rewarding X While Hoping for Y” (Kerr, 1985)
"Board culture is an important component of board failure. The great emphasis on politeness and courtesy at the expense of truth and frankness in boardrooms is both a symptom and cause of failure in the control system. CEOs have the same insecurities and defense mechanisms as other human beings; few will accept, much less seek, the monitoring and criticism of an active and attentive board."
(Michael Jensen, 1993)
Solutions to the problem of fraud may not be found in economics, but in psychology…hence the rise of behavioral economics and behavioral finance (cf. Daniel Kahneman, a Princeton University psychologist, won the Nobel Prize for Economics in 2002)…”auditing behavior” with focus on “cooking-the-books” controls is the way forward!
So, how do we do it? Let’s turn to the panel…
• Healthy vs. Unhealthy Narcissism
• Traits and Characteristics of Leaders with Unhealthy Narcissism
A preoccupation with one’s status and powerA need to “stand out” with little tolerance for true teamwork and power sharingAn often charismatic style that can be inspiring, manipulative, and intimidatingA need to assemble around them individuals who provide adorationImpulsive risk taking
• An ability to psychologically employ “rationalizations” that excuse their transgressions.
• Deeply felt insecurities that are often masked by expressions of bravado and strong self-confidence.
• A very low tolerance for others challenging their decisions and behavior.
• A perspective that rules are made to be bent.• Support from a system of lawyers, the media and others who
can be “persuaded” with the right amount of money• Aura of a “victimless crime,” “criminals with clean
fingernails,” who can “steal without a gun”
29
1. Culture of Obedience to Authority – Boss is Always Right!2. Lack of expertise and/or assertiveness with those providing
governance and oversight3. Cozy multiple relationships at the top – internal & external4. Information tightly held by those at the top.5. Those who challenge are punished. 6. Collusion and vested interests7. Huge incentive for “demonstrating success”
30
Superiority: I deserve this. My success is my evidence.Potency/Invincibility: I am going to beat them—the
competitors, regulators, auditors.Derogation of Victims: They are too stupid and naive to figure
me out.Externalization of Blame: I have no choice. People and
Circumstances are to blame.Emotional Discounting: “They will get over it. They can find a
job somewhere else.”Temporal Discounting: “Act now. A bird in hand. Take it while
it’s there for the taking.”
[Possible “psychopathic” tendencies –see “Snakes in Suits” by Babiak & Hare, 2006]
31
Normalization - “This is common practice in other companies.” “Everybody else is doing it.”
Altruism - “We can’t share this information because it will make them culpable as well.”
Optimistic Self-Correction - “They are good, smart people and will figure out what they need to do.”
Self-Preservation - “I am in favor of blowing the whistle as long as someone else does it.”
Consistent and unwarranted breach of tolerance limits
Unauthorized, Indiscriminate and excessive asset disposals, acquisitions or mergers
False, unreliable and fraudulent production of vital information
Unauthorized/inaccurate disclosure of classified, vital information
Failures in technology / IT security
Gross negligence in managing operations
Fraud and Misappropriation
Excessive loans and/or withdrawals
33
34
1. One-Man Rule
2. Non-Participating Board
3. Unbalanced Top Team
4. Lack of Management Depth
5. Weak Finance Function
6. Combined Chairman and Chief Executive Officer
[See also book by Prof. Marianne Jennings on the
“Seven Signs of Ethical Collapse”]
What's WRONG
With our world?
The bright Light of “Ethical Guidelines”:
“Our clients' interests always come first. Our experience shows that IF we serve our clients well, our own success will follow.”
“Our assets are people, capital, and reputation. If any of these are ever lost, the last (REPUTATION) is the most difficult to regain.”
John Whitehead, Goldman Sachs former co-chairman
When Pluto himself violates…
• Unbridled Risk Appetite• Controls don’t work• Brink of failure• Situation:
RED HOT
YES!!! IA IS BETTER PLACEDto detect (and even deter)
management fraud
Provided...SkillAccess Independence (no fear)
Flawed Risk Evaluation process related to Audit Priority/Scope determination
Absence of risk assessment toolsOutdated risk assessmentsInadequate or no interaction with line and senior management for risk identification
Skill-gaps in information gathering & analysis.
Absence of Continuous Monitoring tools and techniques.
Compromised independence in conducting appropriate investigations and reporting.
When to the Top Cat we report, functionally or administratively
Our freedom is compromised,effectively and completely
When the Bosses are at play,No one can have their say
Should IA attempt to speak,We will be made to squeak
Because our toes WILL be stepped on, or no
1. Can Internal Auditors audit Ethics and Behavior?
2. Should internal auditors be trained to conduct "behavioral auditing"?
54
47%
80%
61%
86%
Atlanta Before Atlanta After Quebec Before Qubec After
Can internal Auditors audit ethics and behaviour? (YES)
55
InterGovenmental Conference on Risk Management , 14,15 Sept
2010 - Conference Board of Canada
9.7% 4.7%
79.7%
6.0%
Board and Audit Committee
External Auditors Internal Auditors Other
Who would be most effective in identifying issues before its too late?
56
InterGovenmental Conference on Risk Management , 14,15 Sept
2010 - Conference Board of Canada
81.0%
6.0% 4.5% 8.5%
Yes No, this is something which internal auditors
have or they don't
Yes, if this training is integrated into
the undergraduate curriculum
Not sure
Can Internal Auditors be trained to conduct "behavioural auditing"?
57
InterGovenmental Conference on Risk Management , 14,15 Sept
2010 - Conference Board of Canada
58
Chief Internal Auditors Dilemma
• What about CEO ,CFO , Top brass?• How to balance the “science” with the
art? Just gut feel not good enough• How to develop skills to monitor
“behavior” before it is too late• Whom to report to and when….?• How to develop formal and informal
comm. lines with CEO,CFO, Board
58
Profiling the Chief players (identify the potential Psychopaths)
Faster data gathering and analysis
CONTACT (Continuous Tracking & Analysis of Critical Transactions)
Ring fencing (including the Rule Makers)
Broadcasting your “new” skills & successes
Art of “close-but-formal” relationships
The “King” is the Supremo.
Most will respond with indifference:
“We already know about this...”
“Don’t worry, this is:approved/discussed/agreed/decided/being looked
into/too confidential etc...” OR
“What utter rubbish; you are wasting your time; you have no idea of the business.”
Hugely Debatable
Very Controversial
Let’s be truly Free… to go
Where NO Internal Auditor has ever dared to go before,
Officially
Direct Access to The Statutory Authority that deals with Compliance & Financial Reporting Regulations in the country.
- Access to be USED ONLY when “serious fraud or extreme RISK-taking” is suspected and stakeholders’ interests are involved.
- In the US, it is the SEC (Securities & Exchange Commission).
- In most countries, a similar body exists.
If you were required by Law to adopt “The IA Charter” in its full glory
If you were to have “Direct Access” to not only a truly independent Audit Committee, but also to
the State’s “Regulatory Authority”, and,
If you were able to provide, fearlessly: “Enterprise-wide Risk Assurance & Consultancy Services”
“Only then, will you be an Internal Auditor, my son!”
1. Do you know who has the power and the authority to make or break?◦ By Mandate◦ By Default
2. Do you know the extent of damage that can be caused by the ones holding the power and the authority?
P
R
O
C
E
S
S
Profiling Risk Identification
Upfront Mitigation
73
Monitoring
Response
InterGovenmental Conference on Risk Management , 14,15 Sept 2010 - Conference Board of Canada
•People with Authority & Power, Attitudes •Personality preferences, Conflicts•Career chart, Social pressures, Values
Profiling, Risk Identification
Upfront mitigation
Monitoring
Response
74
Back Checks, Governance, Controls, Segregation, Compensation modelIndependent oversight,Regulatory regimes
Compliance, Performance results, Swings in financials, Compliance Record, Disclosure failures, Audits, Reviews, Hotlines, lifestyle
Informal/formal, exploratory, suggestive, phased…..?
Behaviourissues of
Membersof Board CEO, CFO Executive Senior Mng Operations
/Dealers Who would
know
Shareholder
Board
Executives
External Auditors
Regulators
Chief Risk Officer NO
Chief InternalAuditor NO
75
1. Can Internal Auditors audit Ethics and Behavior?
2. Is it possible to “detect” and “predict” bad behavior before it can cause huge damage?
3. Who among the “stakeholders” should be accountable for identifying behavioral issues at the C suite before these cause damage to the organization?
4. What could be done to prevent such corporate disasters?
76