to osterio.com
Internal Audit Training and Risk Management seminar
Products
Online training
support Center
The Osterio Group

Business Process Improvement








Internal Audit Training

Risk Based Auditing

Auditing Seminars

Risk Management Seminar

SUPPORT CENTER
Q&A 3rd Qtr 2001

DATE: 09/21/01

Question: Please provide what really needs to be documented in a Terms of Reference. For example, background, risk statement, objective, timeline, methodology, etc.

Answer: None of the terms that you have used relate to RBIA or PGRM concepts. Can you please provide more information so I can answer your question?

 

 

DATE: 9/20/01

Question: We are participating on a team to address some serious process issues that we have. The team is lead by a manager from the department that has its operations most affected by the process. How can we convince the team to use the RBIA Performance level control concepts? They have told us that they are working with their own project methodology.

Answer: Congratulations on partnering with the process team. You have already won the major battle! The worse thing that you could have done is to perform a detailed audit of the process. The fact that management is leading a team to fix the problem indicates that you are successful in communicating the fact that process controls are their problem, not audit's problem.

As a member of the process team you cannot force your audit methodology on anyone. If the team is functioning well, they will come up with the same data elements and control structure that you do by working through the RBIA Performance level tools. If you identify issues that their project management methodology has missed, you should definitely raise it at the appropriate time and in the appropriate manner.

If it becomes obvious that the team is floundering, that they really do not have a solid methodology to address the issues, by all means offer to help them use the RBIA Governance, Management and Performance tools. This is why you are on the team. I would suggest that you emphasize that the Governance Management and Performance tools are basic, business control tools and not audit tools.

 

DATE: 09/04/01

QUESTION: Our auditors are having trouble engaging business people in a discussion around limits of risk. In your experience, why would other RBIA audit groups having similar trouble?

ANSWER: There are several issues. The first is associated with how you have set expectations about RBIA in the marketing process with the vice presidents in your company. This marketing exercise must explain how audit looks at risk under RBIA. It must explain very clearly that we in audit understand that risk taking is an essential part of business success. Part of this is that things will go wrong (risk) at the Performance level because of the crazy business environments that we are operating in today. The discussion that audit will be engaging vice presidents in is a business based, realistic discussion of how many things going wrong should we tolerate given our scarce resources and unlimited demands on those resources. Without this expectation with vice presidents being set, you will always have trouble engaging them in a discussion about how much risk that they are prepared to accept. (Refer "Implementing RBIA Guide" elsewhere on this site).

The second issue involves eliminating the things that upset vice presidents. That is, you have demonstrated by your actions, not just words, that you are focused on helping them be successful in accomplishing their business objectives, that you have "skin in the game" and you are not copying their problems all over the place. You have also demonstrated that you understand their business issues. Without the above being demonstrated by actions, not words, I would not expect any vice president to be forthright in a discussion around how much business risks they are prepared to accept.

Assuming that you have addressed the above, and have built an effective working relationship with the vice presidents, try the following:

• Do not mention the words "risk" or "limits of risk". Discuss the issue in terms that relate to the topic under discussion.

• Communicate that you understand the scarce resource situation and demand for money in your company and that you are not going to recommend control improvements unless there is an economic justification for doing so.

• Communicate that any discussion about control is meaningless in absence of understanding the business objective that we are trying to accomplish, the risk that threatens our ability to accomplish that business objective and the amount of risk that we are prepared to take.

Having said all that, our empirical evidence suggests that the main reason that auditors have difficulty engaging their vice presidents in a discussion around limits of risk still boils down to their inability to build a relationship of trust and respect with them.

DATE: 07/26/01

QUESTION:  We will be conducting interviews for an opening in our Audit Department. Can you suggest some interview questions that assist us in determining if the candidate would be a good fit with our RBIA approach?

ANSWER: The biggest issue in interviewing is to determine how well the candidate will work in a self directed team environment. Focusing on this issue will save you a lot of drama in the future and is only fair to the candidate to let them know the environment that they will be working in. RBIA concepts are easy to pick up to anyone with an open mind and a business perspective. Changing cultural perspectives as to how people work and relate to others is extremely hard to do.

The important thing to remember is that, in an interview, everyone is a team player! Try these questions to filter out those who will likely not fit in to an RBIA environment:

  • How many teams have you participated on during your career?
  • Describe your role on each team?
  • For each team, please write down what constituted success?
  • Describe the process on each team that you used to reach consensus with your team members
  • What are the critical characteristics for a self directed team to be successful?
  • Create some team conflict scenarios and describe how you would resolve them?
  • Outside of the work environment, how many team based activities have you participated in?
  • Describe your role in these activities?

Please remember that anyone who is really looking for a job will probably have researched your environment (including looking at this question on our Support Center!) and determined that RBIA uses team based concepts. They will probably also have researched teams and will know the answers that you want to hear. There are many people schooled in "how to interview well" that are unable to deliver on the job. Therefore, I suggest that you also consider the following:

- Have the candidate sit in on some audits and observe how your teams interact. Have the team members observe the candidates body language.

- Insist on a probation period. Ensure that the new recruit participates in as many team audits as possible during the probation period. At the end of the probation period, have the auditors who worked with the new recruit on teams make an assessment as to how well he/she performed on the teams. Make this evaluation part of the decision to confirm full time employment. Make sure that the recruit understands this process during the recruiting phase.

 

 

Corporate Governance and Compliance

Process Management Consulting

Control Risk Self Assessment

The Best of the Best for 2006

RBIA Gold Medal
Ms. Martha Mimica, Florida Power & Light

RBIA Silver Medal
Mr. Bill Egan, Scotts Company

RBIA Bronze Medal
Mr. Dan Ashley, Qwest Communications

Congratulations!
prior year winners

SOX 404 RISK CONTROL MANAGER 2.1 SOFTWARE

Corporate Governance
a cost effective way
to document controls


AUDIT TEAM MANAGEMENT
SYSTEM (ATMS) SOFTWARE

Internal Audit Program
best value available for
small audit groups
SITE MAP
RBIA™ and PGRM™ Osterio, Inc. All rights reserved worldwide.

Updated: February 2, 2007