Making a difference: the World Bank Group's Auditor General Carman Lapointe-Young says her team of auditors is playing its part in the organization's fight to end poverty.
The World Bank Group is actually an amalgam of institutions, four of which have their own executive board of directors. The directors are appointed by member countries or groups of countries, and rotate frequently. In practice, three of the boards usually comprise the same directors--24 in total. Presiding over it all is the president of the World Bank, Robert Zoellick, a former U.S. deputy secretary of state. The previous president, Paul Wolfowitz, a controversial figure, resigned in an ethics scandal in May 2007, after serving only two years in office. The story of his departure captured media attention around the world. Every organization has its politics, but the World Bank is in a class of its own.
While the bank has only had II presidents in its 64-year history, Lapointe-Young has worked with three of them since joining the organization in 2004. The World Bank is a tough place to audit, but Lapointe-Young is convinced that her team is playing its part in ending poverty, which she says is motivation enough to overcome the challenges of working in such a politically sensitive organization.
Q. What is your role at The World Bank?
As auditor general, I lead an internal audit function of about 60 auditors, and I report to the president and to the audit committee of the board. The resident board members are called executive directors, but they don't have responsibility for managing bank functions. They provide day-to-day oversight and meet regularly. The audit committee meets frequently--often weekly--so preparing for and attending meetings can be time-consuming. Our audit committee comprises eight of the 24 executive directors. The board of governors who are finance ministers of the shareholding countries' governments only meet twice a year. We don't interact directly with them.
The president is my official supervisor. He has a meeting every morning with his senior management team and all of the vice presidents--I am part of that meeting. We are brought up to date on the issues that are on his mind, and each of the senior executives around the table has an obligation to keep him informed of emerging issues he may need to react to or address.
Q. Do you attend as an independent audit person or as an executive?
It is very much the latter. I think it's important that the audit function does not operate in a vacuum. If we are to really understand the issues that face the organization, we need to be part of that network. It's also a way for me to advise the president on significant issues relating to our audit work and to get his support. He has very little time to sit with anyone around that table on a one-on-one basis; he is very focused on external issues. But what we agreed on when he first arrived, and it seems to be working, is that if he shows support for the audit function at that meeting, it almost guarantees I won't need to appeal for his support on any major issues. He's very effective at that.
Q. How is the internal audit role evolving?
In the past, most of the audits in country operations looked only at financial and administrative activities. If an office in a particular country had a US $2 million budget, internal auditing would look at how it was managed or how the office hired people or secured the premises. The auditors weren't looking at the portfolio of bank projects and trust funds being managed in the field; but that's where the biggest risks lie--is the bank doing what it's supposed to be doing?
Three years ago, we moved to doing full-scope audits of country operations in the field. We still look at the financial and administrative functions, but the real value is in looking at how well business risks are managed. That has been a major change, and there has been something of a price to pay, because we didn't get additional resources to do this type of work. As a result, instead of doing 60 or 70 audits in the field, we can only do 20 or 25. The reduced visibility doesn't have the same deterrent effect, but the results have much greater impact.
Of course, we also carry out a full program of business process, financial, treasury, and IT audits at headquarters. In recent years, we have developed extensive skills in IT auditing and data mining, and we've leveraged these skills to our advantage--our audit results are much more compelling.
Our goal is to provide an annual "positive assurance" opinion to senior management and the board on the overall quality of internal controls, not just on individual audits. This has meant a dramatic change in the way we assess risks and plan our audit work. It means doing enough work to be able to say with a level of confidence that we know all of the soft spots--the control weaknesses that can prevent the bank from achieving its goals.
Q. How does your role at the World Bank differ from that at the Canadian federal bodies where you worked previously?
From an audit perspective, I'm dealing with the same sorts of issues--it's the client relationships, the stakeholder management, and the governance issues that really tend to occupy me. But here we have the added complexity of culture.
I have 28 nationalities on my audit team at headquarters alone, so just learning names was hard in the first three months--not to mention getting people to sit down and feel comfortable challenging my thinking, which culturally for many is uncomfortable. That can also be a problem for our teams in the field. Certain cultures are just not comfortable in challenging superiors or being assertive in raising audit issues. But diversity is important to us. When we recruit people, we look globally and cast our net as widely as possible to get diverse perspectives and people who can help us understand what impact culture can have in a particular country.
Q. A lot of the work you do is highly politically sensitive. What kind of issues does that create?
Our executive directors, many of whom represent more than one country, are expected to represent the interests of the bank as well as the positions of the constituencies that put them in those seats. Their views and votes on many issues reflect that reality--that's how multilateral organizations work. Board members are very adept in that sort of system, but it has been an interesting challenge for me. I have worked in Canadian state-owned organizations that were political, but this is on a global scale. It's just something you have to learn how to deal with.
Q. How do you deal with it?
We do a lot of briefing discussions. We have a board where a third of the members leave each year, so we are always getting to know new people. I concentrate on audit committee members or their advisers, sharing our perspectives and learning to understand theirs, so that when we need support on really important issues, we will all feel more comfortable speaking about them.
Q. You have people doing audit work in a range of countries. What types of challenges do they face?
In remote areas, language barriers and the basic difficulty of getting around cause obvious problems. We try to have at least one person on the audit team who speaks the local language. Recently, we've tried what we call our guest auditor program. We invite people from other parts of the bank with particular expertise and language skills to work with the audit team for the duration of a project. A side benefit is that when they go back to their regular work they understand internal auditing better.
Sometimes our auditors travel to dangerous regions; they are sensitized to issues about which they need to be careful. We use a company that alerts us to emerging situations and provides updates about bombings, political unrest, or demonstrations. In a recent audit of our operations in Iraq, we sent the team to Jordan and had the local people from Iraq come to meet the auditors there to avoid the danger. We can evacuate audit teams quickly when necessary, whether it is due to political unrest, as in Kenya recently, or due to natural disasters like the flooding in Bangladesh.
Q. What is your objective when working in the field?
Our objective is to look at whether bank staff members are carrying out their responsibilities to supervise operations in accordance with the bank's policies and procedures. You can't just do desk reviews; at some point, you have to determine whether the school was built and whether it was built to specification. The only way to determine that is to go out to the location and see it for yourself and talk to people. Implementation teams in our client governments manage many of the projects, so our teams visit their offices. That puts us into direct contact with clients rather than bank staff, which can create its own issues if they feel threatened or challenged.
Q. Why would they feel threatened?
Everyone feels uncomfortable around auditors. But occasionally people are feeling vulnerable because something improper is happening, so we try to prepare ourselves by making sure we know when we are walking into a difficult situation.
The internal audit function is not responsible for investigating fraud and corruption; we refer suspected fraud cases to our institutional integrity unit, which handles that responsibility. However, we always make sure we know what the unit is working on so we are at least going in with our eyes open. If we know that the unit is involved in a particularly sensitive investigation, we may try to avoid the field visits, or we may take our direction from the unit to work together more effectively.
Q. Finding that money is not being used appropriately can be politically sensitive. Does that put pressure on your field auditors to manipulate their findings?
There is probably more political pressure on the project management staff than our auditors. Local staff supervising projects might be susceptible to retaliation for reporting ineffective project management, or to getting drawn into fraud or corruption, or looking the other way. That requires closer monitoring from centralized management units and from functions, like internal auditing, that can be objective. Regardless of what the project reports claim, there's nothing like going into the field to see projects for ourselves.
There is always pushback on audits that are less than satisfactory. That's a fact of life in any audit function. When we moved to full-scope audits it was a tough sell because, quite frankly, looking at the management of the business is a lot more sensitive than looking at how the budget is managed. It also requires different competencies, which we had to build. It took a lot of convincing to move into full-scope audits in high-risk operations. Part of management's argument was that they had other functions looking at the quality of supervision. However, those functions report to operational management; so if they are not independent and don't report to the board, how is accountability ensured?
Q. Have you won these arguments now?
The auditors get strong support at the audit committee and board level. To do my job requires being able to deal with the situations that can get uncomfortable. But we've managed to influence a lot of change in this organization. When I arrived, I had to take the ethical pulse of the organization to get a feel for the strength of the control environment, which all auditors know is more important than the formal controls. I conducted audits of discretionary expenditures--travel is a really good one to pick, especially in an organization that spends millions a year on it. You can tell a lot by looking at travel claims. We used our data mining expertise to look at all 75,000 trips taken in just over a year. There are policies that cover every aspect of travel, but all exceptions duly approved by supervisors were not considered to be "exceptions." After analyzing exception levels, we recommended creating regular visibility for exception levels in each unit. This visibility changed behaviors and significantly reduced travel costs for the organization as a result.
Q. What do you enjoy most about your role?
We've been able to get more directly involved in helping move the development agenda forward, and we're looking for ways to get more internal audit shops in international organizations involved as well. We've been putting some resources into capacity development in internal auditing in client governments, and we hope to do more of this. Our cultural diversity translates into a broad range of expertise, language skills, and cultural savvy within our team. Putting those skills to work to help client countries create the environment, infrastructure, and competencies to carry out internal auditing makes sense. Development in general will thrive, in my view, only when governments are able to manage and monitor from within, and internal auditing is one of the basic pillars of accountability.
So we've been getting involved with initiatives led by our financial management specialists. We're also helping The IIA validate a capability maturity model for the profession that will serve as a framework for development. And finally, we're welcoming government leaders involved in establishing internal auditing into our department to get some first-hand experience. It makes sense to put our skills to work, and it gives our auditors a chance to get involved in activities that, for a change, are not fraught with inherent conflict.
Auditors are never popular--that's not why we exist. But I love the cultural diversity, especially on my team. And I enjoy--as heartbreaking as it is--getting into the field and seeing the work that the bank is accomplishing. When I took my first trip to the field--a visit to India--I couldn't even talk about it to my children without crying for six weeks after I came back.
Sometimes I think we have an impossible mission--to eliminate poverty. It can be hard to comprehend that we'll ever get there, but it's nice to play some small part. The footer in each of our reports reminds us of our commitment to provide "Assurance and advice that bring Our Dream closer." I think we are making a difference.
To comment on this article, e-mail the author at firstname.lastname@example.org.
BY NEIL BAKER
EDITOR, INTERNAL AUDITING
ILLUSTRATION BY RICHARD TUSCHMAN
|Printer friendly Cite/link Email Feedback|
|Date:||Jun 1, 2008|
|Previous Article:||The PCAOB 101.|
|Next Article:||The auditor's role in mergers and acquisitions: companies often underestimate the importance of risk management during the M&A process.|