This week is the IIA‘s South Eastern Regional Conference in Atlanta, and has been sold out for some time. I was lucky enough to be invited and plan to post comments and insight for each day. I can only speak on the areas that jumped out, but I hope this information will be helpful to all internal auditors and those passionate about corporate governance. The materials are available to IIA members, and right now you can join for a discount joining over 130,000 worldwide members.
Day 1 – Monday 9/10/07
First day at the Westin and we start with a classic big networking morning with roughly 80% in attendance for the breakfast – hosted by Accume Partners. Paul Sobel kicked off the conference after an intro from David Bilko. Paul is known for publishing an excellent text on Enterprise Risk Management (ERM) and a recent textbook. His speech was really catered towards accelerating the profession and stirring up the ranks to aim at the horizons for improvement.
Personally I would have loved to see greater emphasis on promoting the profession at the Director level in companies, and stronger emphasis on promoting the language and depth required to really provide true value to these members. This was highlighted ever so briefly in the Corporate Governance track, but not nearly enough.
The first session I sat through was with Paul Lapides on Corporate Governance and Internal Audits role. He presented some good points regarding the lack of focus on the controls by boards, and highlighted a recent set of principles he put together this year (as a refresher to an older paper). His newly released paper is available here. An area of especial interest was Paul’s comments on how to become a Director with companies, and the benefits he has received as a result.
The second session was very enjoyable by John Montoro of Cherry, Bekaert & Holland LLP. He presented on Performance Audit Under the New Yellow Book Standards. Now unless you are a government focused auditor you have been missing this treasure. If it wasn’t for the lunch crowd I sat with today I too would have not seen the light. The Yellow book has some excellent information on how audits should be conducted, and a treasure trove of templates, metrics, and reference points. Someday I may dive into the value and nuggets found within the Yellow book, but until then it is worth a read while you fly to India or across the pond to London.
This was a very enjoyable session with take away information, and was my second favorite of the day. John had passion, gave great insight, spoke at all levels on the topic, and really boiled it down to the meat and potatoes.
The final session I had the privilege to attend was with Bob Anderson of The Home Depot on Process Improvement Reviews. This was by far the fullest session and the best of the day. Given I am biased because I was in this session, so it must be good, and I am not objective because I didn’t sit through all the sessions. That said – Bob gave excellent information and a huge amount of takeaway information. Bob focused on the process used by his company on walking through the concerns of the company and determining the best course of action. His process included:
First identifying the value the internal audit provides ranging from three degrees of value – Audit, Process Improvement, and Strategy. He emphasized the transition is necessary for companies to truly gain efficiencies in the market with this mindset.
Of particular interest of the attendees was that The Home Depot establishes a rotation program where employees work through different audit teams to allow for a near perfect cross-polonization effect.
Bob recommended a near six-sigma approach that was boiled down to five steps – Risk Assessment, Project Selection, Discovery, Execution, and Reporting
- Risk Assessment – classic examples here (nothing new): Business process identification, identify risks, measure, prioritize, graphics
- Project Selection – I loved how he broke this out and it created quite a stir in the audience with questions. He placed all the projects on risk maps and create audit plans for three years out.
- Discovery – Here he emphasizes the value roadmap process which he emphasized should go beyond simple cost cutting and meld into nearly 12 specific categories
- Execution – Here the team boils down the data pulls pure empirical evidence. This was a great point as it seems in technology specifically the measurements are more subjective and opinionated that they should be in equations that imply precision. He brought forward classics like Pareto Analysis and Fishbone diagrams. An interesting point he made was how much they rely on the classics in their analysis despite have massive resources.
- Reporting – Of course presentation to executive, and follow up are the close out loops.
Bob goes into a great deal of detail and specifics, and it is impossible fully recount. I strongly recommend you purchase a copy of the slides, video, or call colleagues that went to hear the additional value points he made.
Overall Day 1 very good. If you are not an IIA member and work within the bounds of corporate governance, technology controls, controls, or simply manage business divisions you should consider joining. The fees are reasonable and the available information is tremendously valuable to every enterprise.