ETHICS IN LIFE
“The Critical Role of Ethics,” by Marianne
Jennings (December 2003), presents an
intriguing concept that financial collapse
begins with a severe ethics erosion.
I agree that [the concept of] ethics is
not difficult and that the answers are obvious, certainly as they relate to corporate
financial reporting. The issue is that ethics
cannot be imposed; it must already be
within a person. My observation from
investigation activity is that the people
who violate the ethical code can cite chapter and verse; they know the answers, they
just don’t feel it applies to them.
The utopian solution may be to have
some type of indicator to sort those people who merely comply with ethics from
those who ethically live all aspects of
GEOFF ATWATER, CIA, CPA
Senior Project Manager
Financial Planning & Analysis
United Space Alliance
In “Solving Employee Theft Cases,”
(“Back to Basics,” December 2003) James
W. Basett suggests that auditors tell
employees being interrogated, “Anything
you tell me is in strict confidence” and “It’s
easy to keep you completely anonymous.”
This is risky.
Keeping information and its source
anonymous should be an investigator’s
priority and all reasonable steps should be
taken. However, can absolute confidentiality ever be guaranteed? I doubt the legal
support of most companies would agree
that such a promise can be made.
NANCY L. SALE, CIA, CPA
Manager, Internal Audit, AVP
Commercial Bank of Pennsylvania
CLARITY OF RISK
First of all, I was delighted to see that a
Belgian, Tommaso Capurso authored
the December 2003 issue of “Risk
Watch.” We need more “international”
Secondly, I am just as pleased that
Capurso linked risk management to one
of quality management’s techniques —
Failure Mode and Effective Analysis.
Some time ago, a colleague of mine who
specializes in quality management showed
me how useful cause-and-effect analysis
was for risk analysis. There is possibly
more that can be written about how these
two important fields can be linked,
although in my view, they are complementary and provide different contributions in managing performance.
However, I have a different approach
to the major point of the article, in which
Capurso recognizes “detection” as a third
element in risk assessment. To me, detection is an essential control that fits
between anticipation and prevention. That
is, you detect that something might happen, and it is prevented.
Alternatively, you detect that something
has happened, and then mitigate its effect.
In all this, detection is one of the control
processes that relates to risk, and all of them
are important. I see detection as important,
but not more important than anticipation,
prevention, mitigation, and correction.
Many speak and write about risk, but
not in a consistent way. We can expect
differences, but consistency would be
helpful. When Capurso suggests detection is a third factor in risk assessment,
I’d prefer he said that control — in all its
forms, of which detection is one — was
the third factor in risk assessment.
Being an Australian, it is easy for me to
say that the risk management standard
process developed by the standards organizations of Australia and New Zealand
is “best practice.” But others agree. The
Australia/New Zealand standard is a systematic and consistent process that enables
all people in an organization to think
about, talk about, and manage risk in one
way. Therefore, they all speak the same
language and sing the same song.
BARRY S. LEITHHEAD, CIA
Leithhead & Associates Pty. Ltd.
Thank you for “A Fresh Look at Cosourc-
ing” (October 2003) and the information
on the survey conducted. It has been
helpful to have a current perspective on
cosourcing, and the article certainly
accomplished that and much more.
VICKI H. BARTLETT, CPA
Control Solutions International
LOOK TO ACADEMICS
To Neil Cowan, MIIA, author of “Great
Expectations” (“In My Opinion,” Decem-
ber 2003): One source of [audit commit-
tee] members, especially those with
accounting backgrounds, are academics
who have real world experience. However,
egotistical management and boards of large
companies look upon us with disdain and
mockery as an ivory tower. Or, is the ivory
tower a symbol of independence, both in
thought and in fact, with a high level of
neutrality and objectivity?
PAUL P. HOPPE, PHD, CPA
Associate Professor of Accounting
Golden Gate University
San Francisco, Calif.
CULTURE OF UNDERSTANDING
As international borders become more
transparent, the need for international
business unit and subsidiary audits becomes
more essential. “Auditing on Foreign Soil,”
by David O’Regan (December 2003),
noted important tips to consider before
conducting an international assignment.
However, I believe that auditors traveling to international locations need to focus
more on understanding the culture of the
country prior to travel. To facilitate their
understanding of the culture, auditors
should identify the roles of power, control,
gender, time, and emotional expression.
Ultimately, the auditor who understands
the national culture will better understand
the culture of the organization being
FEBRUARY 2004 INTERNAL AUDITOR