The programme of work is guided by a risk-based model that directs audit resources towards audit entities with the highest risks. The risk model prioritizes audit focus on audit entities by looking at a number of factors such as the size of the budget, the nature of the expenditures involved, human resources factors, context and past audit findings. 

Our Internal Audit Charter establishes the  framework of the internal audit activity and provides a basis for  ensuring  a  stronger  and  more  integrated  system  of  assurance  on  the  adequacy  and  effectiveness  of  UNESCO’s  governance, risk  management  and  control.

IOS maintains a Quality Assurance and Improvement Programme (QAIP) that covers all aspects of the internal audit activity to ensure that internal audits follow a systematic and disciplined approach and comply with the Institute of Internal Auditors (IIA) Standards and the Code of Ethics. IOS aims at achieving continuous improvement of audit working methods through a dedicated Professional Practice Unit, periodic assessments, peer reviews, post-audit client surveys, harmonized methodologies for more consistency and efficiency, and by keeping abreast with emerging audit and technology trends.

The Standards provide that external assessments must be conducted at least once every five years by a qualified, independent assessor or an assessment team from outside the Organization. In 2021, IOS/AUD was subject to an external quality assessment which concluded with  overall opinion that IOS/AUD generally conforms with the Institute of Internal Auditors’ Standards and the Code of Ethics i.e. the highest compliance rating accredited by the Institute of Internal Auditors.

Crusoe Osagie

The Bank of Industry (BOI) has charged internal auditors to adhere to global best practices to remain relevant and attractive to business organisations, noting that internal auditors must support businesses to achieve set organisational goals especially at a time like this when the economy is in recession.

According to the acting Managing Director, BOI, Mr. Waheed Olagunju, internal auditors must not only identify obstacles hindering business organisations, but also seek ways to support businesses to remain profitable without violating regulatory requirements and incurring losses.

Olagunju who was represented by the Chief Risk Officer and acting Managing Director, National Economic Reconstruction Fund (NERFUND) Mr. Ezekiel Oseni‎, said: “Internal auditors should not only detect fraud, but help the management to achieve their purpose, but as we have it today, we have the internal auditors concentrating more on accuracy test, detecting and investigating fraud.”

He however stated that since he assumed office as acting Managing Director, NERFUND, he had been able to recover Non Performing Loans (NPLs) from customers who initially did not want to pay back the loans they borrowed, saying that NPLs estimated to be about N17.2 billion ‎are still in the hands of those who defaulted in paying back the loans borrowed.

“The good news is that many of the customers that did not want to pay before have all being coming around to ask for a loan work out where we would also provide them concessions on interest, but I insist that they must pay the entire principal sum before talking about their standing interest while I have successfully been able to refer others that are not willing to pay to Economic Crimes and Financial Commission (EFCC‎),” he added.

The representative of the acting BOI boss during a quarterly meeting of the Association of Audit Executives of Banks in Nigeria (ACAEBIN) said people involved in cyber crimes ‎are very intelligent people and always look for loopholes, advising that it behoves of internal auditors to be on top of their game, study how the system works, identify loopholes are and ensure sufficient control mechanism to address cyber crimes in the country.

“The internal audit function today is not what it used to be many years ago due to several global and localised reasons such as the financial scandals which resulted in massive job losses and loss of shareholders’ fund, new regulations and the dynamics of the business environment,” he added.

H‎e pointed out that internal audit function today is to provide independent assurance that the organisations risk management, governance and internal control are operating effectively, stressing that presently, internal audit function is involved in the transaction process to ensure errors and losses are avoided which is a more preventive measure while it also shares in the blames, losses and errors that could have been avoided.

According to him, “In the nearest future and it is happening already, the internal auditor rather than sticking to auditing of past activities or providing assurance on risk management, governance and internal control processes would be required to‎ team up with strategic business units to ensure that proposed new businesses are undertaken without incuring losses to any form or violating the regulatory policies.”

DeKalb County’s internal auditors are refusing to release an obviously critical report of the county’s Oracle software system, which is used to manage everything from human resources to purchasing to payroll for a government that spends about $1.2 billion a year.

It’s clear from studying the public portions of the September 2022 report that the system is deeply flawed, but the auditors refuse to release details because they contend that might leave the already badly managed system open to sabotage or terrorism. Taxpayers are in the dark.

[DOWNLOAD: Free WSB-TV News app for alerts as news breaks]

“This is shameful as far as I’m concerned,” said Dr. Andy Green in an interview with Channel 2 investigative reporter Richard Belcher. Green teaches IT security at Kennesaw State University and has consulted with the channel on IT security issues for the better part of a decade.  He says “the real story” is “the fact that the county is using state law to be less than transparent with their citizens and not allow their citizens to engage in true oversight.”

Auditors look for flaws, document them and recommend changes to encourage improvements in government services or operations. They documented so-called “findings” in 10 separate areas of DeKalb’s Oracle system. One page that is not blacked out shows that six are coded red -— meaning more serious — and four are coded yellow. Those are also problems but not as serious as the ones coded red, but if you go looking for details, you’ll find page after page is blacked out or redacted.

TRENDING STORIES:

Green says the problems might be less serious than taxpayers worry, or, he says, “It could be that these things are actually much worse. The problem is we’re in the dark. The public is in the dark here.”

We emailed the spokesperson for DeKalb County, Michael Thurmond, and heard back from the county attorney’s office, which told us the redactions were the responsibility of the county’s internal auditors who are, by law, independent of the CEO and Board of Commissioners.

Lavois Campbell, the interim chief audit executive, emailed after our inquiry: “We have reviewed those determinations and judgments with legal counsel and our chairperson. The redacted sections relate to specific vulnerabilities in the Oracle application ‘which if made public could compromise security against sabotage, criminal or terroristic acts.’ O.C.G.A. § 50-18-72 (a)(25)(A). Those areas of vulnerability, if identified, would compromise the security of specific operations. We are constrained to do whatever is required to protect those operations from sabotage.”

Green mocked the county’s claim. “The idea that threat actors go around and collect these vulnerability assessment reports from these governmental entities to look for a way into the system is laughable on its face,” he told Channel 2.

He contends auditors could have found a way to release at least some of their findings. “They are not prohibited from releasing this. They are simply given an exception that says, ‘You don’t have to.’ The state law doesn’t say you are prohibited from (releasing the information), and to me, that’s a big difference,” he said.

A year ago, DeKalb’s independent auditors blacked out virtually everything in a report about the security of the private information of county employees and county vendors. We were stumped until Atlanta Journal Constitution report Tyler Estep obtained a copy of the full audit and shared it with us. The documented problems were serious and potentially embarrassing.

[SIGN UP: WSB-TV Daily Headlines Newsletter]

IN OTHER NEWS:

ISLAMABAD: Federal Ombudsman Ejaz Ahmad Qureshi constituted a team of senior officers which visited Islamabad International Airport (IIA) to inspect facilities being provided to passengers.

The team comprising Senior Adviser Ahmad Farooq, Grievance Commissioner for Overseas Pakistanis Dr Inamul Haq Javeid, Consultant (Implementation) Pervez Haleem Rajput, and Director Media M. Javed Chaudhary, will submit a report to the ombudsman.

They checked the performance of one window facilitation desk; delay in immigration; unnecessary checking by customs and to review the progress on the recommendations of his earlier team’s visit on April 27.

The committee submitted its preliminary report after making inspection, listening to complaints of the general public, witnessing the working of different counters and holding meeting with the management of the airport and other federal government agencies responsible for handling passengers.

The team was informed that representatives of 12 agencies remained present round-the-clock at the facilitation desk.

The ombudsman said that Islamabad International Airport is the airport of federal capital; therefore, its services must be of international standards.

The airport manager informed that under the directions of Wafaqi Mohtasib, separate counters for senior citizens, business class passengers and ladies have been established.

However, senior citizens complained to the team regarding improper functioning of counters. The FIA and customs authorities complained of shortage of staff.

The team observed that only two luggage rapping machines were working due to which long queues were witnessed.

The team directed the CAA authorities for installation of two more rapping machines. The passengers complained and requested for provision of facility of visa protector stamp at the airport.

Published in Dawn, October 6th, 2022

He said this attitude to internal audit was “by no means unique” to Star, however, pointing to similar failings found by financial services companies investigated by the Hayne royal commission and Crown Resorts in separate government inquiries.

A accurate IIA survey found that 45 per cent of members believed their recommendations in internal audit reports were not always acted on in a timely way, while one in 10 of the professionals say they have been sanctioned after giving their employers’ management or audit committees an unfavourable report.

“Internal audit is all about contributing to and protecting organisational value ... ignored recommendations have serious implications,” Mr Jones warned.

“They often flag major cultural flaws within an organisation. If systemic issues cannot be addressed, it’s a major issue for directors as they have a fiduciary responsibility for the organisation’s welfare.”

Directors ignoring internal audit recommendation may also be ”found negligent and legally accountable for issues identified”, he added, suggesting that “regulators will demand retribution to save face and accountability with the public”.

“The bottom line for directors is to ignore the advice of internal auditors at their peril.”

While Star’s board eventually accepted and acted upon the KPMG recommendations, Mr Jones said that “as it was some time before this occurred, much damage had already been done”.

“In any organisation, the first line of assurance is line management; the second compliance and risk; and the third and final is internal audit,” he said.

“A commitment to robust internal audit practices is essential for any organisation that holds a position of responsibility and privilege, such as a casino.”

Goddy Egene

The Society for West African Internal Audit Practitioners (SWAIAP) has called on Nigerians to refrain from aiding and abetting corruption by refusing to provide and receive bribes or participate in every manner of corrupt practices.

The internal auditors made the call as one their resolutions at the inaugural induction, investiture and fellowship award dialogue of the society in Lagos at the weekend.

President of SWAIAP, Mr. Patrick Nzechukwu, said that the dialogue, with the theme “Internal auditing: Effective tool for anti-corruption, risk management controls and corporate governance”, was apt as corruption continues to ravage many nations of the world including Nigeria.

According to him, SWAIAP was established in June 2018 with the objective of institutionalising internal auditing in West Africa as a major tool for anti-corruption campaign as well as mitigation of inefficiency, ineffectiveness, wastes and other forms of financial and non-financial risk.
It was also conceived to “improve business processes and performance” in both private and public sectors, he said.

Nzechukwu said: “We are committed to educating internal auditors on global best practices with emphasis on effective corporate governance, risk management system and adequate internal control and compliance and virile reporting systems, and informing stakeholders on the imperatives of effective internal auditing in West Africa.”

However, the SWAIA president queried Nigeria employers’ preference for international certifications while Nigerians were doing better than their counterparts globally.

Chairman of the occasion, Gbolahan Oyegoke, commended SWAIAP for the focus of the national dialogue, adding that internal auditors hardly have friends within an organisation due to professional discipline and anti-corruption stance.

He said that the best approach to fighting corruption was to prevent it from happening, urging practioners to be proactive at all times.
“An internal auditor is caught between management who wants you to catch thieves and the staff whom the internal auditors want all processes to be followed.

“The destiny of organisations rests on your capacity and capabilities, because when everything moves on fine nobody cares about you but when there is an error you will be held liable,” he added.

Executive Secretary, Nigeria Extractive Industries Transparency Initiative, NEITI, Dr. Orji Ogbonnaya Orji, said that Nigeria was struggling to curb corruption in all sectors of the nation’s economy.

Represented by Alhaji Abdulraheem Usman, the NEITI boss called on staff of internal control departments in organisations to build capacity in the use of modern auditing softwares in order to effectively block leakages and proactively build defence systems against fraud.

He said that there was need for organisations to embrace and deploy technology and modern audit softwares to aid its internal control mechanisms.
Orji said: “For every organisation which intends to achieve its set objectives, the five components of a good internal control as set by Committee for Sponsoring Organisation (COSO) framework must be adhered to. The framework, which includes control environment, risk management, control activities, information and communication and monitoring must be taken into consideration to curb malfeasance in any typical organisation.

RAWALPINDI: Rubbish at concourse hall of Islamabad International Airport (IIA) led to the transfer of three senior officials.

Prime Minister Shehbaz Sharif and Aviation Minister Khawaja Saad Rafique had noticed a video on social media showing waste dumped in the airport’s concourse hall and ordered an inquiry.

A notification was issued by the Civil Aviation Authority’s (CAA) human resource directorate, which said Airport Manager (APM) Mohammad Adnan Khan had been transferred and posted as chief operating officer (COO) till further order, while Haq Nawaz, joint director communication who was serving as duty terminal manager, was transferred to Allama Iqbal International Airport.

Habib Khan, superintendent airport security, was transferred to Bacha Khan International Airport Peshawar, while additional charge of deputy APM was from withdrawn from Iqtidar Haider.

The notification said all those transferred were to be relieved with immediate effect and were to join their new assignment.

Published in Dawn, October 8th, 2022

DeKalb County’s internal auditors are refusing to release an obviously critical report of the county’s Oracle software system, which is used to manage everything from human resources to purchasing to payroll for a government that spends about $1.2 billion a year.

It’s clear from studying the public portions of the September 2022 report that the system is deeply flawed, but the auditors refuse to release details because they contend that might leave the already badly managed system open to sabotage or terrorism. Taxpayers are in the dark.

[DOWNLOAD: Free WSB-TV News app for alerts as news breaks]

“This is shameful as far as I’m concerned,” said Dr. Andy Green in an interview with Channel 2 investigative reporter Richard Belcher. Green teaches IT security at Kennesaw State University and has consulted with the channel on IT security issues for the better part of a decade.  He says “the real story” is “the fact that the county is using state law to be less than transparent with their citizens and not allow their citizens to engage in true oversight.”

Auditors look for flaws, document them and recommend changes to encourage improvements in government services or operations. They documented so-called “findings” in 10 separate areas of DeKalb’s Oracle system. One page that is not blacked out shows that six are coded red -— meaning more serious — and four are coded yellow. Those are also problems but not as serious as the ones coded red, but if you go looking for details, you’ll find page after page is blacked out or redacted.

TRENDING STORIES:

Green says the problems might be less serious than taxpayers worry, or, he says, “It could be that these things are actually much worse. The problem is we’re in the dark. The public is in the dark here.”

Story continues

We emailed the spokesperson for DeKalb County, Michael Thurmond, and heard back from the county attorney’s office, which told us the redactions were the responsibility of the county’s internal auditors who are, by law, independent of the CEO and Board of Commissioners.

Lavois Campbell, the interim chief audit executive, emailed after our inquiry: “We have reviewed those determinations and judgments with legal counsel and our chairperson. The redacted sections relate to specific vulnerabilities in the Oracle application ‘which if made public could compromise security against sabotage, criminal or terroristic acts.’ O.C.G.A. § 50-18-72 (a)(25)(A). Those areas of vulnerability, if identified, would compromise the security of specific operations. We are constrained to do whatever is required to protect those operations from sabotage.”

Green mocked the county’s claim. “The idea that threat actors go around and collect these vulnerability assessment reports from these governmental entities to look for a way into the system is laughable on its face,” he told Channel 2.

He contends auditors could have found a way to release at least some of their findings. “They are not prohibited from releasing this. They are simply given an exception that says, ‘You don’t have to.’ The state law doesn’t say you are prohibited from (releasing the information), and to me, that’s a big difference,” he said.

A year ago, DeKalb’s independent auditors blacked out virtually everything in a report about the security of the private information of county employees and county vendors. We were stumped until Atlanta Journal Constitution report Tyler Estep obtained a copy of the full audit and shared it with us. The documented problems were serious and potentially embarrassing.

[SIGN UP: WSB-TV Daily Headlines Newsletter]

IN OTHER NEWS: