A guest post by an intern in Internal Audit was recently featured on another accountant’s blog, I Want To Be A CA, and I was first alerted to it by Krupo’s post title bait. The post is not compli­mentary about internal audit, but the support for its thesis is so flimsy and based on purely anecdotal evidence that it’s impos­sible to take it seriously. It begins:

I work in internal audit of a large corpo­ration in the South­western United States. That’s all I will reveal of my identity for obvious reasons.

The “obvious reasons” are that he’s about to trash every element of this oppor­tunity he’s been given to work at a large corpo­ration in the Southwest US (during a massive recession when people much more experi­enced than him are losing their jobs, and in one of the hardest hit parts of the country to boot) despite having only two years of university level accounting studies to his credit.

I’m reminded of a recent column by Maureen Dowd on the use of anonymity online:

In this infinite realm of truth-telling, many want to hide. Who are these people prepared to tell you what they think, but not who they are? … Pseudonyms have a noble history… But on the Internet, it’s often less about being constructive and more about being cowardly.

One of the best uses for constructive anonymity is that of the whistle­blower. Most companies have set up whistle­blower channels by now which allow employees at all levels to safely make public or report to an independent body abuses they have observed at work. The post in question is not an example of constructive anonymity.

With that out of the way:

So you ask yourself, why go into internal audit? Well I’ve been asking myself the same question. I’ve been here almost three months and still have yet to see any meaning­fulness in this work. … Granted, without this deterrent could be rampant fraud and waste, etc, but that’s beside the point.

I thought the point was that audit is meaningless. So, factors which make audit worth­while are beside it? I guess if you ignore the potential for rampant fraud and waste, the job would be basically meaningless. I think it’s safe to assume he’s been so busy mindlessly ticking and tying his POs that he wouldn’t see an oppor­tunity to address waste or fraud if it presented itself.

And with that, I’m reminded of a recent post by Penelope Trunk on creativity:

It’s as misguided to divide the world into creative and non-creative jobs as it is to divide the world into creative and non-creative people. All jobs have oppor­tu­nities for creativity. Some have more and some have less, but you usually get more oppor­tu­nities to be creative by demon­strating that you are a creative problem solver over and over again.

IA jobs can be rewarding and meaningful, but often­times only as much as you make them. The key point is that the onus is on you to push your job into creative territory. Not at the expense of your required duties, but going above and beyond what’s expected of you. You have to want to make the work meaningful and strive to do so. Especially in an entry-level internship, as this is a great oppor­tunity to show your superiors that you’re a top performer. If you ruffle too many feathers (and the problem here may indeed be the work environment he’s found himself in), you’re back in school before you know it anyway for third year.

Continuing on:

The thing you have to keep in mind with internal audit is that you are working with the same documents, same depart­ments, and same proce­dures year after year with the rare addition or removal of a department.

This really depends on the type of organi­zation you’re working for. There are companies that own various subsidiaries in related indus­tries that will provide variety. I know in my position I see many different types of businesses that fall under the broad building materials category, including heavy industry, manufac­turing and pure distribution/wholesale. Newly acquired companies are a source of variety as well, and there is a smorgasbord of accounting systems in use providing challenge and an oppor­tunity to learn and develop.

Oh, and the other thing about internal audit is you don’t get to travel nearly as much as external auditors, because every­thing you’re auditing is in the same building. The hours are also a lot more manageable. Nobody here goes over 40 hours a week.

Again, depends on the company. I left public accounting because my current position offered the chance to travel exten­sively. Since starting the job last May, I’ve worked in Switzerland, Ireland, the US, and Canada. The lion’s share of traveling for me is to the US. I just got back from Phoenix (third time this year), and before that spent three weeks in the Seattle-Tacoma area. (Gorgeous country!)

As far as the hours go, when I’m back in town (which I am for the next three weeks!) it’s pretty accurate to say we work a solid 40 hours only. On weeks where I’m on the road, the days are longer (10 hours usually) and Monday mornings are brutal. Think getting up at 3:30am EDT for a flight and working till 6pm Pacific! The bottom line is that the work that needs to get done, gets done on time no matter how long it takes, and this is generally true no matter where you work.

If you don’t have much of an imagi­nation, enjoy working by yourself a lot, don’t mind monot­onous work, have attention to detail, enjoys following instruc­tions, don’t mind doing work that seems pointless (in your mind), and wants a steady paycheck, then I’d say auditing is for you.

Yeah this pretty much sums up the whole snarky episode. I see the propo­sition of IA a bit differently:

If you have a creative mind, enjoy working in small groups and meeting tons of new people every week, love challenging work, can both devise and follow instruc­tions (and occasionally throw them out the window), don’t mind work that is criti­cally important to the continued growth of your organi­zation, and want a healthy and steady paycheck, good benefits and job security, then I’d say auditing is for you.

Auditing 101: Never extrap­olate from a sample of one across a large, hetero­ge­neous population.

Accoun­tan­cyAge is reporting that the UK and Ireland IIA’s chief executive Ian Peters recently made a statement on the contentious issue of having external auditors provide internal audit services:

Internal auditors answer to management and the non-executive directors… external audit reports to share­holders. Merging these two important functions has the potential to cause serious conflicts of interest and reduce the effec­tiveness of internal controls and the management of risk.

The statement was made in relation to the KPMG-Rentokil deal.

I think if the two parties gave us more details about the work performed around indepen­dence it was assuage many of the fears stake­holders are having.

KPMG has said they believe the provision of both functions “is perfectly feasible to do in the spirit and letter of the law.” If that’s so, how long before more of these arrange­ments are made by KPMG or other firms?

The Metro­politan Corporate Counsel, a publi­cation dedicated to legal issues relevant to corporate lawyers, recently inter­viewed Alfredo Avila, Assistant General Counsel at Monsanto about how they approach FCPA compliance for acquisitions.

Monsanto recently acquired a US-based company with a Turkish subsidiary, and found during the due diligence the sub had made inappro­priate payments to Turkish government officials. In 2005, Monsanto disclosed their own inappro­priate payments made to Indonesian government officials and submitted to a three year monitoring program as a result, and Mr Avila talks about how their prior experience has affected policies going forward, including for this latest acquisition.

On the subject of codes of conduct:

Codes of conduct and compliance policies are important but are only the first step in assessing a compliance program. Monsanto believes that the biggest deterrent against unethical behavior is strong leadership.

I agree that codes of conduct are but the first step in ensuring compliance with the FCPA and other anti-corruption legis­lation. As an internal auditor, you want to assess whether the code of conduct has been read and signed by every relevant employee of the organi­zation, and ensure that the code is complete and addresses issues covered by the FCPA. Typically new employees will receive the code of conduct when they join the company. Keeping the documen­tation to prove that everyone has agreed to the code is critical.

Assessing leadership is a much tougher job for an auditor. You will get a sense throughout your meetings and commu­ni­ca­tions with senior management of their commitment to ethical business practices, and from there form an opinion. Of course if you already know there were past incidents of non-compliance, leadership is called into question and probably requires more substantive audit proce­dures to ensure compliance since the preceding events.

On the topic of embedding compliance into policies:

We had to reevaluate our policies for petty cash, travel and enter­tainment, inventory, delegation of authority and so forth from the perspective of the document trail. It made us formalize some practices into policies and reevaluate policies to make sure we captured enough detail so that an independent third party could find all his inquiries answered within the four corners of a document. That forced us to recon­figure policies and also recon­figure our expense recording so that our documen­tation captured more infor­mation. While this takes a little bit more time on the front end, it answers many more questions on the back end and contributes to creating a trans­parent culture.

Prepa­ration and retention of documen­tation related to expenses is key to proving compliance with the FCPA. Any payments made to government officials, if they’re legit­imate, will have appro­priate evidence. I like the part at the end about creating a trans­parent culture because culture plays a huge role in estab­lishing ethical tradi­tions that can prevent situa­tions like the ones experi­enced by Monsanto and their acquisition.

Read the full interview for more.

The news that KPMG has snapped up the audit of Rentokil Initial from rival PwC brings with it renewed concerns around the indepen­dence of firms providing additional services as well as opining on financial statements.

Under the arrangement KPMG would undertake all the statutory respon­si­bil­ities associated with an external audit, while also ‘delving deeper’ and offering advice on internal audit issues.

Not only that, but the audit will cost 30% less than what PwC was charging. I wonder if the company will end up losing more than they’ve saved if the market punishes them for the perception of having a less independent opinion. The director of the Profes­sional Oversight Board, the UK body respon­sible for monitoring the UK’s ethical standards, declined to state whether the deal would be inves­ti­gated. For their part, KPMG says they are confident they can address the threats to their independence.

Some observers say the arrangement would not be a viable option for companies with a dual listing in the US, owing to strict indepen­dence guide­lines or ‘bright lines’ set down by the Securities and Exchange Commission.

It may not help shave costs during a time of economic diffi­culty, but I firmly believe keeping internal audit service providers separate from external auditors is critical to preserving the indepen­dence required for a financial statement opinion and is just best practice in general. I would’ve thought 7 years after SOX we’d have this down pat.

A recent article on the New York Times about the political costs that Google is facing due to its market dominance, and their strategy to reduce those costs, caught my interest:

Google has begun this public-relations offensive because it is in the midst of a treach­erous rite of passage for powerful technology companies — regulators are intensely scruti­nizing its every move, as they once did with AT&T, I.B.M., Intel and Microsoft. Some analysts say that government opposition, here or in Europe, could pose the biggest threat to Google’s continued success.

Google’s SEC filings make repeated mentions of the high level of compe­tition the company faces in their business. Microsoft and Yahoo are specif­i­cally named as the two biggest competitors, and Google notes that Microsoft has more cash and employees, and both companies have longer relation­ships with advertisers.

I find it inter­esting that Google is taking the strategy of talking about the “formi­dable compe­tition” they face as a risk to their business instead of (or in addition to) the risk posed by increased government regulation as a result of their perceived market dominance.

In the section where they talk about government regulation and the risk it poses to their business, they discuss issues like privacy laws, copyright infringement and even net neutrality. But I couldn’t find mention of the risk presented by regulation due to the perception of unfair competition.

Does your business face political risks like Google and other tech companies?