Internal Auditor - February 2004

ETHICS IN LIFE

“The Critical Role of Ethics,” by Marianne Jennings (December 2003), presents an intriguing concept that financial collapse begins with a severe ethics erosion.

I agree that [the concept of] ethics is not difficult and that the answers are obvious, certainly as they relate to corporate financial reporting. The issue is that ethics cannot be imposed; it must already be within a person. My observation from investigation activity is that the people who violate the ethical code can cite chapter and verse; they know the answers, they just don’t feel it applies to them.

The utopian solution may be to have some type of indicator to sort those people who merely comply with ethics from those who ethically live all aspects of their lives.

GEOFF ATWATER, CIA, CPA

Senior Project Manager

Financial Planning & Analysis

United Space Alliance

Houston, Texas

Geoff.P. Atwater@usa-spaceops.com

UPHOLDING CONFIDENCES

In “Solving Employee Theft Cases,” (“Back to Basics,” December 2003) James W. Basett suggests that auditors tell employees being interrogated, “Anything you tell me is in strict confidence” and “It’s easy to keep you completely anonymous.” This is risky.

Keeping information and its source anonymous should be an investigator’s priority and all reasonable steps should be taken. However, can absolute confidentiality ever be guaranteed? I doubt the legal support of most companies would agree that such a promise can be made. NANCY L. SALE, CIA, CPA

Manager, Internal Audit, AVP Commercial Bank of Pennsylvania nsale@cbthebank.com

CLARITY OF RISK

First of all, I was delighted to see that a Belgian, Tommaso Capurso authored the December 2003 issue of “Risk Watch.” We need more “international” contributions.

Secondly, I am just as pleased that Capurso linked risk management to one of quality management’s techniques — Failure Mode and Effective Analysis.

Some time ago, a colleague of mine who specializes in quality management showed me how useful cause-and-effect analysis was for risk analysis. There is possibly more that can be written about how these two important fields can be linked, although in my view, they are complementary and provide different contributions in managing performance.

However, I have a different approach to the major point of the article, in which Capurso recognizes “detection” as a third element in risk assessment. To me, detection is an essential control that fits between anticipation and prevention. That is, you detect that something might happen, and it is prevented.

Alternatively, you detect that something has happened, and then mitigate its effect. In all this, detection is one of the control processes that relates to risk, and all of them are important. I see detection as important, but not more important than anticipation, prevention, mitigation, and correction.

Many speak and write about risk, but not in a consistent way. We can expect differences, but consistency would be helpful. When Capurso suggests detection is a third factor in risk assessment, I’d prefer he said that control — in all its forms, of which detection is one — was the third factor in risk assessment.

Being an Australian, it is easy for me to say that the risk management standard process developed by the standards organizations of Australia and New Zealand is “best practice.” But others agree. The Australia/New Zealand standard is a systematic and consistent process that enables all people in an organization to think

LETTERS

about, talk about, and manage risk in one
way. Therefore, they all speak the same
language and sing the same song.
BARRY S. LEITHHEAD, CIA
Leithhead & Associates Pty. Ltd.
Glenorie, Australia
bsleith@ozemail.com.au

CO-THANKS
Thank you for “A Fresh Look at Cosourc-
ing” (October 2003) and the information
on the survey conducted. It has been
helpful to have a current perspective on
cosourcing, and the article certainly
accomplished that and much more.
VICKI H. BARTLETT, CPA
Control Solutions International
Washington, D.C.
vbartlett@controlsolutions.com

LOOK TO ACADEMICS
To Neil Cowan, MIIA, author of “Great
Expectations” (“In My Opinion,” Decem-
ber 2003): One source of [audit commit-
tee] members, especially those with
accounting backgrounds, are academics
who have real world experience. However,
egotistical management and boards of large
companies look upon us with disdain and
mockery as an ivory tower. Or, is the ivory
tower a symbol of independence, both in
thought and in fact, with a high level of
neutrality and objectivity?
PAUL P. HOPPE, PHD, CPA
Associate Professor of Accounting
Golden Gate University
San Francisco, Calif.
phoppe@ggu.edu

CULTURE OF UNDERSTANDING

As international borders become more transparent, the need for international business unit and subsidiary audits becomes more essential. “Auditing on Foreign Soil,” by David O’Regan (December 2003), noted important tips to consider before conducting an international assignment.

However, I believe that auditors traveling to international locations need to focus more on understanding the culture of the country prior to travel. To facilitate their understanding of the culture, auditors should identify the roles of power, control, gender, time, and emotional expression.