Archive for the ‘What I learnt’ Category

As CIA, I only learnt about Integrity

May 31, 2010

After serving as Chief Internal Auditor for about three years at Agrobank, I only learnt about integrity. Let us see what I mean:

  • Board members should have very high integrity in running a company. There should not be any conflict of interest among them.
  • The Audit Committee Chairman should not sit on any board committee, especially where it involves business decisions.
  • It is advisable that the Audit Committee Chairman not sit on the Board’s Risk Management Committee.
  • The Chairman of the board should not chair any board committee where it involves business decisions.
  • The audit committee and risk management committee should be familiar with the internal control framework and enterprise risk management (ERM).

Is Auditor a good Career?

March 18, 2010

What is your expectation of a career as an auditor? Is it a good prospect?

The auditor should have the answer, and it depends on how the organization recognizes them!

Auditors are very important to any organization. They play a role as an agent to check the performance of the internal control system of the organisation.

The role of auditor as an agent to check the performance of the internal control system in the organization should be seen as an important practice to ensure all policies are followed.

The Biggest Challenge as CIA

January 14, 2010

What is the biggest challenge to CIA? As CIA you have to plan, organise, monitor and control your strategic plan as well as annual plan. All those functions (plan, organise, monitor and control) need effective communication.

So, what is effective communication? Since most of the time we produce reports for the AEC, I will focus on the meaning of effective communication in terms of report writing. Nevertheless, we do not deny that verbal communication is also important for effective communication.

I don’t like to refer to any books for what is meant by effective report writing. I will just share my experience of what I believe the term effective report writing means.

I am very confident that effective report writing should meet the following criteria:

(1) The report should have an executive summary of not more than 2 pages (I prefer one page) with font size 12.

(2) The main report and the executive summary should be written in simple sentences (I used to tell my auditors to use newspaper writing style as a guide).

(3) The report should be easy to understand, with the flow of sentences arranged in a logical order.

(4) The report should be concise. It means it should be written ‘direct to the point’.

(5) The important points should be written first, followed by the less important points.

(6) The report should be accurate and supported with facts and figures, and written with care and precision.

(7) For audit findings, we need good analysis besides facts and figures. Analysis, in simple terms, is the statements that answer WHY, WHY and WHY it happened, and the recommendations that answer every issue raised in the audit report.


The quality of report writing can be improved through experience and guidance from superiors. Besides that, auditors need to read more books on writing.

How to Organise Meeting Effectively and Efficiently

November 8, 2009

As a Chief Internal Auditor (CIA), I have learnt a good lesson on how to organise meetings effectively and efficiently.

As CIA, I will propose and email to the Audit and Examination (AEC) Chairman a list of papers to be tabled in the next AEC meeting. Normally, he will agree with the CIA’s proposal since it is part of the audit plan for the year, which was approved by the AEC.

Then, the CIA will write the agenda and arrange the papers according to their importance. Important papers will be discussed first.

When the papers are ready to be circulated to AEC members, I will meet the AEC chairman to discuss the papers. First, we discuss the minutes from the previous meeting and then the papers as in the agenda. The CIA will brief him on all the papers and give clarification to the chairman, if he wants it.

The AEC chairman will decide when the meeting should finish. Normally, he wants the meeting to end in not more than three hours. Based on the time given, we set the amount of time to be allocated for each paper. The AEC chairman will decide the time allocated, say 15 minutes for paper A and 20 minutes for paper B.

We circulate papers to AEC members at least three days before the meeting. This rule is stated in the AEC Terms of Reference (TOR). It is the duty of each AEC member to read all the papers and matters arising before the meeting. The main objective of the meeting is to make decisions and get clarification on any matters in the papers.

When the meeting comes, the chairman will give his welcome speech, get confirmation of the minutes of the last meeting, discuss the matters arising and discuss all papers according to the agenda. If we invite external parties to present a paper, the AEC will call them first.

As a rule, it is the responsibility of the CIA to prepare a one-page summary for each paper presented to the AEC. The CIA or the presenter is given three minutes to present his paper to the AEC. This three-minute presentation is to give a “first impression” to the AEC about the subject matter of the paper.

After AEC members get a first impression, normally the AEC will ask questions and get more information from the presenter or the CIA. Then the AEC will make a decision on the paper.

One of the challenges for the CIA is to prepare minutes as soon as possible after the meeting is over. All minutes are tabled to the Board meeting. Besides minutes, the CIA will prepare a summary of the minutes. The summary is in the form of columns. Column one is for matters, column two is for the decisions that have been made during the meeting and column three is for the person responsible for each decision. The summary is also circulated to all the heads of departments for early action. So, it is not necessary for the heads to wait for official minutes from the AEC secretary (we use an external party as secretary).

What is 5C Credit Analysis?

June 25, 2009

New officers who join the bank as credit officers will learn about 5C. What is 5C? 5C stands for:

(1) Capacity (2) Capital (3) Collateral (4) Conditions, and (5) Character

1. Capacity

It is an evaluation of the customer’s ability to repay the loan. This is the most important C to the bank because, at the end of the day, the bank wants back the money it lends to customers.

Capacity is evaluated by several components. They are:

  • Cash flow. It refers to the income a business generates versus the expenses it takes to run the business. For example, if a company generates RM10,000 a month of revenue, and it has expenses of RM8,000 a month, the lender would determine that there is RM2,000 a month in cash flow that could be used to repay the loan. A bank will normally take at most 70% of the net cash flow (70% x RM2,000) to repay the loan. So, if the net cash flow (total inflow - total outflow) is low, the lender or borrower would have reason to be concerned about how the company plans to repay the debt.
  • Payment history. It refers to the timeliness of the payments that have been made on previous loans. This applies to existing customers. But, for a new customer, the bank can check his payment history from other banks through CCRIS or, at worst, CTOS.
  • Contingent sources for repayment. These are additional sources of cash flow that can be used to repay a loan. These include personal assets, savings, current account and other investments.

2. Capital

Typically, a company’s owner must have his own funds invested in the company before a bank will be willing to risk their own investment. Capital is an owner’s personal investment in his business which could be lost if the business is a failure. There is no fixed ringgit amount or percentage that the owner must be vested in his own company before he is eligible for a business loan.

However, most banks want to see at least 25% of a company’s funding coming from the owner before it applies for a loan. Nevertheless, in the past 10 years, banks have been willing to take more risk, with the margin of financing going up to 95% of the total project cost. And lately, a bank is willing to finance 100% of the asset cost. From a risk management point of view, banks that are ready to finance 100% of the project cost are considered ‘risky banks’, and indirectly risky to the shareholders too.

3. Collateral

Land, landed property, machinery, shares and other assets that can be sold if a borrower fails to repay the loan are considered collateral. Collateral is always an issue between a bank and a borrower, especially for a first-time customer.

4. Conditions

Conditions refer to the overall evaluation of the proposed business or project. The analysis includes business objectives and the purpose of the loan. We need to analyse whether the loan can help the business to grow and not be a burden to the borrower. Other conditions that we should consider are marketing, technical aspects of the project, economic and overall business conditions such as laws and regulations. You get this information from customers when they apply for a loan.

As a banker, you should not have a problem getting this information, as customers will provide you with all documents before a bank approves a loan.

5. Character

Basically, it is an evaluation of the business owner’s personal history and his background. For a company, it is the history of the owners, the board and the key management. For a banker, character is the most important C compared to the other Cs. The reason is simple: it is a man who makes things happen, not the others. He is the mastermind who makes a project successful and pays the bank its money! Do you agree?

Banks have to believe that a business owner is a reliable individual who can be depended on to repay the loan. Background information such as credit history, education and work experience are the factors in credit analysis. You get this information from customers when they apply for a loan, and it is normally a part of the bank’s loan procedures.

What is Audit Governance?

November 8, 2008

Internal audit department should have good audit governance. Audit governance comprises audit charter, audit plan, audit manual and audit program.

Audit Charter

A formal written document that states internal audit’s purpose, authority, scope, independence and responsibility. The Audit Charter must be approved by the Audit Committee and endorsed by the board of directors.

Audit Plan

It is a means of directing and controlling the audit work. The plan for a particular period of time, such as a year, sets out audit objectives, auditable areas, scope of coverage, frequency of audits, resources required and the duration of audit. The audit plan must be endorsed by the Audit Committee (AC) and should be flexible to respond to changing needs.

Audit Manual

It is a set of uniform audit standards for guidance and reference. It contains written audit policies, objectives, standard procedures and programs.

Audit Program

Audit program is a set of detailed step-by-step procedures for each auditable area and is usually supplemented by the ICQ (internal control questionnaire).

How to Distinguish the Types of Internal Audit

November 8, 2008

There are several types of internal audits. They are financial audit, operational audit, management audit, compliance audit, IS audit and investigation audit. Each audit has a different purpose and characteristics.

Financial Audit

The purpose is to express an opinion on financial condition based on analysis, comparisons and tests of accuracy. Its scope is on the financial records. The expected result from this audit is to give an opinion on the accuracy and reliability of the financial statements.

Operational Audit

The purpose is to analyse and improve methods of operations and performance. Its scope is on the operational activities of a unit or department. The expected result from this audit is to give recommendations to management for the improvement of operations.

Management Audit

The purpose is to review and evaluate business and management issues to enhance profitability. Its scope is on the business support activities of a unit or the entire organisation. The expected result from this audit is to give an opinion on strategic issues and recommendations or solutions.

Compliance Audit

The purpose is to express an opinion as to adherence to internal policies, regulatory rules and requirements, and applicable laws. Its scope is on the specific aspects of operations and business. The expected result from this audit is to make immediate rectification and compliance thereafter.

IS/IT Audit

The purpose is to audit the computer systems and the provision and management of information. Its scope is on the technical reviews of computer systems and their peripherals. The expected result from this audit is to give recommendations on computerisation and information systems related matters.

Investigation Audit

The purpose is to audit in depth into irregularities such as misappropriation of the bank’s assets or reported fraud or allegations. Its scope is in the area specified to determine the modus operandi. The expected result from this audit is to give a conclusion to the findings with recommendations to prevent recurrence.

How to Prepare Annual Report

November 2, 2008

When I was a Corporate Planner, I was responsible for publishing the Annual Report for the company. I was involved in this project for about a few years. I would like to share my experience with you on how I organized my team to produce an annual report.

1. Develop Your Team

As the leader of this project, you will become the chairman, with the help of the secretariat. The secretariat is a group of your staff that will help you to manage this project. The first thing you have to do is prepare a plan or road map to publish the report. A road map will guide you on the following subjects:
(a) contents of the report
(b) related departments and representatives
(c) task flows
(d) deadline to accomplish each task

I will get Management approval for the road map. An endorsement from Management will ensure the project will be completed in time.

2. Kick-off Meeting

After you prepare the plan, I will call a meeting by inviting all the persons who represent their departments to attend a kick-off meeting. During the meeting you will table the plan showing when the job of preparing the annual report will be started and when it should be completed. Next, you will explain what role each person will play. For example, the financial statement will be prepared by the Finance Department, and you will state when the document should be sent to the secretariat. The same goes for the preparing of the Chairman’s Statement, corporate information, board committee, activities reports, financial performance, calendar of events, statement of internal control, risk management and compliance.

You should give a deadline by which all the departments send their reports to the secretariat. Let us say you give them two weeks to submit the report to the secretariat.

3. Edit First Draft Report

After you receive reports from all the departments, you should check, edit and compile them to become the first draft of the annual report. The first draft should be sent to all departments for them to check. The representatives are expected to discuss the contents with their heads and get any feedback from them. You as chairman will tell them that you will be calling a second meeting to finalise the draft report.

4. Second Meeting for the Team

Next, you will be calling a second meeting. All the representatives will come and give their comments on the first draft. During the meeting, information is added, deleted or modified. If everything is okay, you should be able to prepare the final draft.

5. Table Final Draft to Management

A copy of the final draft will be sent to the CEO and all the management. You will fix a date for a meeting to table the report and get Management to approve it. During the meeting, the secretariat will take any comments from the management. When management approves the report, it becomes the final report.

6. Get Approval From Audit Committee and Board

The next step is to table the final annual report to the Audit Committee and the Board of Directors. Nevertheless, it depends on the company’s policy whether you should table it to both committees.

7. Designing and Printing of Annual report

When both committees approve the annual report, it is the duty of the Corporate Communication Department to design a concept for the new annual report. The report will be sent for printing and then distributed to the shareholders and other parties.

How to Develop KPI

November 2, 2008

A KPI, or key performance indicator, is a set of targets to be achieved in a certain period of time by the Organisation, Department, Division, and employees. This article is about how to develop KPIs for a department.

1. Formulate Department’s Objectives

The manager of the department must formulate the objectives of his department. The department’s objectives should be in line with the organisation’s vision, missions, strategies and objectives. The KPIs for the department are normally the KPIs for the manager.

2. Component of KPI

The manager should know the components of a KPI. A KPI comprises four components. They are (i) objective, (ii) measurement, (iii) target, and (iv) initiative.

(a) “Objective” tells what the department wants to achieve. Examples: to increase deposits, to increase customer satisfaction, to increase profits, to send staff for training, to reduce expenses and to improve loan processing.
(b) “Measurement” is what measurement we use. Examples: percentage, number of days, dollars, and kilometers.
(c) “Target” is what to achieve and “when”. Examples: increase deposit growth 20% this year; and to reduce customer waiting time from 5 minutes to 3 minutes within 2 months.
(d) “Initiative” is a set of actions to achieve the target. Examples: (i) improve customer service (ii) increase promotion (iii) reduce lending rate (iv) increase staff training.

3. Cascade the KPIs

The manager should cascade his KPIs to his subordinates. Let us say the manager’s KPI is to achieve $20 million value of loans; how is his KPI translated to 5 marketing assistants? In this example, the KPI for each marketing assistant is $4 million! So, the achievement of the manager’s KPI is the achievement of his subordinates’ KPIs. The only difference is the function. The function of the manager is to lead his subordinates, whereas the function of his subordinates is to meet customers.

4. Monitor the KPI

The KPI should be monitored regularly, say weekly or monthly. Normally a tracking system is developed to monitor the achievement of KPIs of the department (directly the manager) and his subordinates.

Achievement of KPI can be rated into scales. This is an example:

4=exceed requirement
3=meet requirement
2=does not meet requirement

Use of KPI

Achievement of KPIs is used by a manager to give rewards to his subordinates such as bonuses, letters of recognition, overseas trips, yearly increments and promotion.