Printer Friendly Page
Never be lost for words
Accountant creates dictionary app of accountancy terms and abbreviations.

Accountant creates dictionary app of accountancy terms and abbreviations.


Lancaster accountant Mark Ellis, an ACCA member with over 20 years' experience in public practice and higher education, recently launched a mobile app, called Accounting Dictionary, to help students, accountants, finance staff in general and business owners to better understand the language of accountancy.


Based on his successful website the app has achieved over 15,000 downloads since its launch three months ago. It contains a continually expanding collection of over 4,400 accountancy terms, abbreviations and definitions. As well as including related entries, an in-built search facility, lists of most popular terms and recently added terms, the app works both on- and off-line, meaning that once downloaded an internet connection is not necessary.


The Accounting Dictionary App is available on both Android and iPhone platforms. There is a free Lite version, which is fully functional and includes discreet advertising, or users can choose the Pro version, which is the price of a cappuccino and is advert free.


Mark is keen to involve the accounting community. ‘There are opportunities for accountants and students to enhance the collection by suggesting additional entries or amending existing ones. In return they help to grow the dictionary and receive an acknowledgement and a link back to their own organisation both within the app and on our website.’ 

The internal audit network panel
The internal audit network panel.

David Watton FCCA
David has worked as an internal auditor for the last 20 years and has experienced at first hand the major developments and convergence that have taken place in internal auditing, corporate governance and risk management in this time, including the impact of Sarbanes-Oxley. His current position and extensive travels as a senior internal auditor with FTSE 100 global oil and gas company BG Group have given him an international insight to the internal audit profession.

Graeme Clarke FCCA
(Vice Chair)
Graeme was first attracted to internal audit by the opportunity to work with a varied and diverse range of organisations and make a difference by recommending ways for improvement. Upon graduating from university, he joined a specialist provider of internal audit and risk management services. Ten years on, he remains a specialist internal auditor and is currently a director of the governance, risk and internal control team at Mazars LLP. His internal audit experience covers the breadth of the public and not-for-profit sectors including central government, local government, education, housing and health and charities.

Olusegun Kazim FCCA 
Olusegun owns and operates an accounting and tax advisory practice as well as a business consultancy providing internal audit services.

Peter Mumbere FCCA 
Peter works for VISA Europe.

Sarah Pumfrett FCCA
Sarah is a senior internal auditor with Shell.

Neville de Spretter FCCA 
Neville is an independent specialist in governance, risk management and control. He has worked globally with companies in utilities, manufacturing, oil and gas, retail and with public sector organisations, and has helped chief executives in private and public sector organisations to use business alignment to implement strategy, create value and save cost.

John Webb FCCA 
John is an independent consultant.

To contact any of these Panel members, please email Pat Delbridge.

Save the date!
Plan ahead to attend ACCA UK's Internal Audit Conference 2014.

Plan ahead to attend ACCA UK's Internal Audit Conference 2014.

ACCA UK’s 2014 annual Internal Audit Conference will take place on Thursday 15 May in London. If you would like to register your interest then please send an email to our Professional Courses team.

Spring 2014 networking forums
Three events already planned for 2014. What topics will they cover?

2014 spring programme of networking forums


ACCA works in conjunction with the Chartered Institute of Internal Auditors (IIA) to present a programme of free networking forums. Six forums are held a year – usually at ACCA’s head office at 29 Lincoln’s Inn Fields – and take place from 09.00 – 10.30.

The format of each event is a one hour talk followed by questions and answers and is preceded by time to network over tea, coffee and Danishes.

The 2014 Spring Programme has now been finalised and will comprise the following events:

  • 26 February – Auditing Strategy – How Far Should We Go? – Monica Dawson, Group Risk Assurance Manager, Home Retail Group
  • 25 March – An Information Management Audit – Gavin Davey, Associate/Director, IT Assurance Services, Moore Stephens LLP
  • 12 June – Auditing Customer Services – Jo Hurren, Consultant.

Attendance at all events is free, but as places are limited please book online in advance.

Please note prior to booking an event you must register on the online booking system. Once you have received your registration email and activated your account, please follow the steps below:

1. Select Events Catalogue
2. Select the Sector/Network tab
3. Tick the box next to Internal Audit and press Search
4. Add all the events you would like to book to your basket
5. Once you have added all the events you would like to attend, click Checkout.

If you are interested in past events, an archive of podcasts and accompanying handout material can be found on ACCA’s  Audit & Assurance Virtual Learning Centre. For access to this resource, log in to your myACCA account and select the 'Virtual Learning Centre' link (in the 'Learning Opportunities' box). Then click on the 'Log in Now' button and accept the conditions of use and you will be taken to a menu page. Scroll down the menu page to select 'Internal Audit' and that will take you into the virtual learning centre.

This resource is only available to ACCA members and is free of charge. Material from the Spring 2014 events will also be included in this section in due course.


Big data

The amount of information published was growing exponentially before the world embraced computers and information became digital.

Big Data (ACCA)

The amount of information published was growing exponentially before the world embraced computers and information became digital. Converging technology trends, the shift from analogue to digital, widespread mobile device adoption, internet-connected systems and ‘exhaust data’ from physical objects (also known as the internet of things, or the internet of everything: IoE) have combined to create the vast amounts of structured and unstructured data we now call ‘big data’.


New types of data will throw up new challenges as well: over the next decade, new standards for measuring and valuing data will be developed, with the inclusion of new and more diverse datasets in reporting, modelling and forecasting. There are less measurable issues too, such as those concerning ethics and privacy. The debate about the impact and implications of these has barely begun – but getting them wrong could prove to be explosive.


This report presents a balanced picture of the impact of big data on the accountancy and finance professions in the coming five to ten years by identifying specific opportunities and challenges for the accountancy and finance professions.

The post digital grapevine: social media and the role of internal audit

No longer confined to areas of entertainment and life management, social media and social software have become an integral part of the post-digital business landscape.

The Post Digital Grapevine: social media and the role of internal audit (Deloitte)

No longer confined to areas of entertainment and life management, social media and social software have become an integral part of the post-digital business landscape. With more and more users linking, liking, friending and following, how can internal audit help assess and mitigate risks associated with social business?


This paper discusses the proactive steps IA can take to help address such growing challenges as: 

  • brand and reputation damage
  • regulatory compliance
  • information leakage
  • third-party risk
  • governance risk.

In each of these categories, IA can play a critical role in understanding the potential risks of engaging in social business. IA can also help to monitor and manage threats and strike a balance between risks and opportunities. 



Internal audit practitioner guides: assignment team management
The latest guide covers assignment team management.

ACCA has produced a series of Internal Audit Practitioner Guides which can be found in its Internal Audit Virtual Learning Centre. These guides are easy to read and outline what internal auditing is like in practice and the pitfalls that are often encountered.

The last IA Bulletin included a guide covering 'following up on management actions'. In this issue, we include the guide to assignment team management.

For access to ACCA UK’s Virtual Learning Centre: 

  • log in to your myACCA account
  • select the ‘Virtual Learning Centre’ link (in the ‘Learning Opportunities’ box)
  • click on the ‘Log in Now’ button and accept the conditions of use and you will be taken to a menu page
  • scroll down the menu page to select ‘Internal Audit’ and that will take you into the virtual learning centre. 

The guides can be found in the ‘Audit Basics’ part of the ‘Learning about Internal Audit’ section. This resource is only available to ACCA members and is free of charge.

Christmas upside down
Peter Bonisch takes a timely look at the culture of (internal) audit.

Peter Bonisch takes a timely look at the culture of (internal) audit.


It’s almost Christmas time again. In the UK, that means major retail stores competing for the most nauseatingly cute Christmas-themed advertising campaign.


This year, two have caught my kids’ attention – and have thus been thrust into mine. The first involves Helena Bonham Carter (Bellatrix L’Estrange for Harry Potter fans; Ophelia circa 1990 for Shakespeare – or Mel Gibson – fans) reprising her 2010 role as the Red Queen in Alice in Wonderland (directed then, of course, by her husband, Tim Burton). But don’t ask me what it is advertising (the ad agency will hate the ‘cut-through’ implications of that; remember, half of all advertising spend is wasted and in this case we know that I am in that half).


The other involves a rabbit disturbing the hibernation of his (or, equally possibly, her) friend, a bear, with an alarm clock, presumably bought from the store that is the object of the advertisement; again, don’t ask me which store. Forget that any form of reality would have the aforementioned bear adding to its mid-winter calorific intake at the expense of the rabbit. Or that the rabbit would not, anyway, have the dexterity to set the alarm clock, or, for that matter, the cerebral capacity to understand time as divided in to 24 equal periods in the course of a day. In the world of advertisers, you should never spoil a schmaltzy story for the sake of the truth.


On the plus side, both capture a certain number of truths; one is snow. Christmas should have snow. Everywhere. Even places that never see snow. And turkeys (except that my daughter has recently opted for vegetarianism on moral grounds, a lifestyle choice that ignores the lifestyle choice of her immediate, meat-eating family). But let’s focus on the snow.


As a young child, I have a vivid memory of snow on Christmas Day. This would be unexceptional for my children (or the other several million children growing up in greater London). But, where I am from, the average December temperature is more than 20 degrees higher than the temperature at which snowflakes form. So, no snow, but lots of turkeys. Except that, in keeping with many of the popular stories about that part of the world, we tended to have barbecues on Christmas Day. I’m sure it is possible to barbecue a turkey but it is well beyond my culinary skills. Think beef, lots of beef. Not a cranberry in sight.


So, if the Christmas auditor visited my house back then, we would have failed dismally at the traditional, turkey-filled, snow-covered Christmas (and, even now, the memory test on which UK retailers best capture this spirit – or, at least, have the greatest creative spend on their 2013 Christmas advertising campaigns). But then, come to think of it, so would most of the world. Especially those parts where people do not routinely celebrate Christian religious festivals. But that’s not my point.


If we had received a visit from the Christmas auditor, the stockings would be there (tick); the tree would be there (tick); it would be suitably decorated with a star – or in our case a Christmas moose purchased at Niagara Falls (although on the Canadian side) – so no tick there. There would be presents under the tree (tick) and champagne (tick) and those silly cracker things that you pull that never work properly (tick) and napkins in seasonal colours (tick) but here the ticks would run out.


There would be no snow - except in that one case in 19xx (deleted by the editor for fear of revealing the decrepitude of the author); there would be no woollen jerseys (except in pre-shorn, pre-spun, pre-dyed, still-frolicking form); there would be no hats with pom-poms on them; no snowmen (redundant, obviously, as there would be no snow); there would be no mittens and there would be no Wellingtons (although, that last one is debatable as it always rains there and everybody has Wellingtons, they just don’t call them that). We would have failed the traditional Christmas audit dismally.


Of course, it is highly unlikely that, outside American television scripts – scripts, only, mind; such a show would never make it in to production or broadcast – anyone would audit Christmas except for the rather pointless auditing of gifts received and violation of companies’ gift policies (although, that is also the jurisdiction of the happiness police). But, there is a serious point herein.


Recent UK regulatory initiatives, both in financial services and major, listed companies, require firms to attend to their cultures or ‘risk cultures’; one such document has actually been developed and promulgated recently by the UK Financial Reporting Council and, for financial services, another in the last year by the Chartered Institute of Internal Auditors; still others by financial sector regulators. The CIIA document met with widespread favourable comment. This is wrong-headed and is a worrying development. In 1952, two American anthropologists famously identified 164 different definitions of culture. It is stretching credulity to imagine that the number of definitions available has declined in the intervening 60 years. So, we face the need to audit the organisational equivalent of Christmas: it is different everywhere, means different things to different people and is wholly dependent on cultural context: there is no right answer.


Christmas cannot be quantified or its attributes summed, any more than organisational culture can be. Certain attributes can be ranked by preference or noted as present or absent – think board risk committees or green napkins. We can compare this year’s tree to last year’s and, even, comment on the infrequency of having a family’s Christmas moose adorning the tree.


But no one can tell me that it is right or wrong to have such a moose adorning such a tree – or to wear sandals at the beach rather than Wellingtons in the snow. Auditing culture is simply not meaningful or, at the very least, it is a highly specialised activity that requires considerable skill and, probably, training in behavioural analysis and research methods; such backgrounds are uncommon in the audit world.


Auditing culture involves having previously sought to understand the validity (or not) of a good chunk of the 164 definitions identified by Alfred Kroeber and Clyde Kluckhohn in 1952; OK, I admit that one may be setting the bar a bit on the high side. But it is the province of social science, not of evidential standards (except, possibly, at a clinical level). Most auditors have no such knowledge or training.


For me, Christmas should be spent at the beach. But there is no ‘right’ way to spend Christmas. Not everybody can or should have snow. We need to stop pretending that there is a ‘right culture’ or that organisational structural or analytic attributes can define a culture any more than turkeys or trees define Christmas; they contribute, certainly, but it is a braver man or woman than I am who would stipulate how they contribute. This is not the stuff of audits any more than it is validly the stuff of regulations.


Auditing, done well anyway, requires humility; it requires recognising the limits of one’s evidence and inference. Christmas just doesn’t belong on the list; nor does culture. Who are you to say I cannot have my Christmas moose?


Peter Bonisch – managing director, Paradigm Risk Ltd

Integrity through integration – using business alignment to assure business success
Business alignment is a fresh approach used by a number of private and public sector organisations to grasp the holy grail of effective governance, as Neville de Spretter explains.

Business alignment is a fresh approach used by a number of private and public sector organisations to grasp the holy grail of effective governance, as Neville de Spretter explains.


In the article, governance is defined as the system by which the whole organisation is directed, controlled and held accountable to achieve its core purpose over the long term. (BS 13500:2013 Code of practice for delivering effective governance.)


An outcome is defined as the result and benefit of achieving an objective, a desired future state, what an organisation wants to achieve. Outcomes are permanent, long-term and independent of organisational structure; objectives are temporary, short-term and specific to a particular organisational structure.


My last joint article with Peter Bebb, Creating value for money by rethinking cost structures, was published in April and generated some passionate debate at IACON in July (thank you to all who read and digested the eBulletin!).


Much of the debate, and later questions and discussion, centred on the wider application of business alignment and how it can be used in practice. I was asked to write an article on my experience of business alignment to this effect; here it is…


In the mid-to-late 1990s I worked for a large PLC in which the executive team met to review performance over the year and to set targets for the next year. There was much debate about past and future key performance indicators (KPIs) and a general feeling emerged that, despite the organisation’s continuing success, there had to be a better way to govern, lead and manage the organisation to ensure its future success.


At the time, the strategic imperatives, initiatives and KPIs were unlinked, disconnected from what actually happened in the business, and had little apparent commitment from staff. Much depended on the attention of the CEO, who stated that a robust, efficient and effective governance and management framework and system was needed, but rightly disliked bureaucracy and transfer charging.


Outcome strategy map
To this end the CEO set up a team and, working with all stakeholders over six months, we developed the outcome strategy map, which distilled the business’ 45-page strategy into the 13 outcomes that were most critical to the realisation of its vision. It also defined the causal relationships between the outcomes, ie which outcomes are dependent on which other outcomes. In so doing, it validated and assured the quality of the strategy. [See Diagram 1: Outcome strategy map, level 1 (corporate strategic outcomes)]


The executive team, led by the CEO, recognised a solution to the age-old problem of prioritisation. There was a quick win in cutting out projects that didn’t add to the economic, efficient and effective realisation of outcome delivery. Traditionally it is easy to add projects in businesses, but stopping initiatives is a real challenge.


With business alignment outcomes are clearly prioritised by their inclusion on the strategy map, and actions are prioritised by their relationship to the strategic outcomes. Those actions, which directly deliver the strategic outcomes, are automatically top priority.


Not all actions result in something useful and hard work is not always productive. Relating actions to the strategic outcomes ensures that only useful actions are included. This meant that over 150 projects were reduced to fewer than 15 in just three months of analysing whether the projects actually did deliver outcomes more economically, efficiently and effectively, resulting in significant consequential savings to the business.


The executive team also saw that the cause and effect relationships between outcomes provide a means of predicting the delivery of the vision. If one of the prime causes is failing, there is early warning that the mission is at risk of failure. KPIs do not provide this predictability.


Business alignment team
The CEO immediately set up a business alignment team, which included my role as director of business assurance. This led to our changing the whole business management process using business alignment – about integrating and replacing existing management processes, including corporate governance, business planning, budgeting, risk management, resource management, portfolio and programme management, performance management, reward management, information technology strategy, knowledge management and corporate communication.


It is wrong to see business alignment as a programme or project. It is simply a more economic, efficient and effective way of running an organisation. It firstly transforms the organisation and then continuously improves it.


Consequently this isn’t a quick fix, though there are quick wins along the way, as with the weeding out of unaligned projects described above. It certainly wasn’t plain sailing. The timescale, 36 months at the PLC, can be longer than may be anticipated, but forcing the pace doesn’t work with a programme that is aimed at creating self-managing teams. The main reason for the long timescale is the need, or distraction – depending on your viewpoint – of the daily issues, which business alignment will eventually help to smooth out.


Business management system
As we picked up pace with the business alignment approach we quickly produced a lot of information and needed somewhere to store it and process it so that we could use it to support and audit the business. To this end we developed reporting into a single process, system and dashboard, the business management system, utilising technology as an enabler, to provide the following benefits:


  • integration – everything the organisation needs to do and employ to deliver its required outcomes is linked at all levels across the whole value chain from customers through staff to suppliers
  • predictability – the probability of the required outcomes being delivered is objectively predicted, enabling risk mitigation
  • transparency – any stakeholder is able to see what the business intends to employ, do and deliver, and the progress being made and expected.


Effective communication of the strategy was a necessary condition of its implementation. The strategy map tells the story of the strategy without additional explanation. It explains how the strategy will be delivered. It is possible, by following the arrows, to understand the chain of cause and effect that will lead to the ultimate outcome that achieves the mission.


The strategy map was seen as a powerful tool in the business. It fitted onto one page. It provided unexpected insights into the future of the organisation – it set the future benchmark. The outcomes on the strategy map were concrete, specific and measurable. The causal connections between the outcomes gave credibility to the story it told. And the combination of these factors created understanding of the strategy and brought people on board.


The executive team discussed, amended and agreed the strategy map with the board. Led by the chief executive, they communicated the strategy map to the PLC’s staff. In consequence, many more people understood the company’s strategy, and there was consensus on what needed to be delivered strategically.


Balanced scorecard
While the strategy map was being communicated, the business alignment team started to develop a balanced scorecard to measure and predict the delivery of the strategic outcomes. The balanced scorecard differs from key performance indicators (KPIs).


There is a unique measure of the achievement of an outcome that avoids the ambiguity caused by multiple KPIs. There is also a predictor (lead) measure, which tells the management team whether they are likely to achieve the outcome. Finally the business alignment team worked with the business to identify the key risk to each outcome, aligning risks with outcomes, and giving clarity and transparency to the activities that managed and mitigated each risk.


For audit purposes this was also a powerful tool; with clarity on the audit universe we could assure, in a non-adversarial, business-enabling way, that the activities worked to manage or mitigate each risk to a level of residual risk that was acceptable to the business. If they didn’t, it was simple to facilitate the actions needed to do so, or directors could agree to leave the level of risk where it was. This was visible to all.


As time progressed, we discussed and modified the balanced scorecard with project sponsors, the project leaders, the executive team and the board. The CEO also involved our major investors, partners and analysts, as part of positive engagement in ensuring that their agendas were taken into account in outcome delivery. The remuneration committee agreed that the executive team’s incentives would be determined by the achievement of the strategic outcomes as measured by the balanced scorecard. Much clarity, objectivity and productivity was obtained through the strategy map and the balanced scorecard.


Of course, it’s not enough to know what you need to achieve. You also have to achieve it.


The business alignment team next worked out what the business needed to do to achieve its strategic outcomes. We deliberately ignored current processes and projects in order to get an objective view of what was really necessary, in line with Michael Hammer’s original principle of business process re-engineering. We then compared these with current processes and initiatives to identify those that could stop. The relationships between the outcomes and the activities required to deliver them defined outcome-oriented organisational units and teams that successively added value to the stakeholders of the business by delivering the strategic outcomes.


The skills required by the teams were defined as the ability to carry out the activities needed to deliver the outcomes, and the competences were defined as the ability to produce the outcomes. (See Diagram 2: outcome-oriented organisational units and teams)


The business quickly found that outcome-oriented teams are more productive than skill-based teams such as marketing or human resources because they focus people on the delivery of outcomes rather than operations within a skill silo.


The value chain was discussed, amended and agreed with the executive team. Following this agreement, the business alignment team derived a service-oriented architecture from the value chain which revealed that the existing portfolio of around a hundred computer systems and many more data stores could be reduced to just seven systems and three databases, saving significant sums of money, whilst dramatically improving the service provided to staff and members. Over a 20 month period the business went on to cut costs by 30%, gain significant market and revenue growth, and win an award for strategy and business transformation best practice from the Management Consultancies Association.


Estimating resources required
The final step in the alignment of the PLC corporately was to estimate the resources required – the skills and facilities required to carry out the activities. The volume of skills required was calculated from an estimate of the time needed to carry out each activity multiplied by the number of outcomes to be delivered. This resource optimisation process identified a potential productivity gain of 20%. (See Diagram 3: resource optimisation; this example relates to one area in one division within the company.) 


The business alignment team next sub-divided the strategic outcomes, activities and resources into their contributory outcomes, activities and resources. We formed lower-level business areas from these and agreed them with the executive team, who then formed business area teams to define the areas in more detail.


Successive levels of the existing organisational structure were invited to say what they could contribute to delivery of higher-level outcomes. In defining their own contributions, people declared their accountability and responsibility for the delivery of these outcomes. This ‘pull’ approach created genuinely self-managing teams, empowered and supported by the CEO and the executive team to deliver the outcomes, and thereby also completely changing the culture of the business from command and control, top-down management to teams of people motivated to do the right thing.


A number of diverse organisations, private and public sector, have now applied business alignment since the business alignment team developed the approach in the late 1990s.


Some are still part way through the process, but all have benefited significantly from the integration, predictability and transparency provided by the process.


Neville de Spretter


Neville is a member of ACCA UK’s Internal Audit Network Panel, an independent specialist in governance, risk management and control, principal at AdLibero2, an associate of Perendie, a non-executive director of StyleSeeker Ltd, a steering committee member for the CRSA Forum, and a committee and drafting panel member for BSI’s BS 13500 code of practice for delivering effective governance.

Measuring the performance of the HIA
Sir Andrew Likierman introduces some of the key indicators when assessing the performance of the HIA.

Sir Andrew Likierman introduces some of the key indicators when assessing the performance of the HIA.


The professional life of heads of internal audit (HIAs) involves sophisticated assessment and evaluation. Yet the way of measuring the HIA’s performance is often surprisingly primitive. To be fair, this is not just for the HIA – there are problems in assessing the head of any function.


Good performance measurement is not just important to provide the basis for remuneration and useful signals for improvement. It also underpins colleagues’ confidence in the HIA. Most don’t have the information to distinguish a good functional head, including the HIA, from one that is merely adequate. For the HIA there is the additional dimension of the ‘special relationship’ with senior management and the board that has no parallel in any other function.


Set out below is a measurement framework for HIAs. As with any framework, it will need to be tailored to the circumstances of individual organisations. The focus is on the private sector, though a number of aspects will be relevant to the public sector.


What not to measure
Let’s get some poor measures out of the way. Straight activity – numbers of audits, time taken for each stage of the audit or staff turnover – will be important as raw material to build up an overall picture about the HIA. But activity measures are generally of the function, not the individual, and even to give context are relevant only with comparisons with objectives, with other HIAs or with best practice. They are potentially misleading in isolation.


‘Value added’ sounds good, but is a better slogan than a measure. Applying the measure to control improvements or building corporate governance, the question is how value is measured, since value isn’t absolute. And again comparisons are essential.


The other problem in measuring value added is that there isn’t a counterfactual to tell us what would happen if the HIA wasn’t there. If comments on the need to add value are a polite way of saying that the HIA isn’t really focusing on the needs of the business, the HIA must establish whether this really is the issue so that remedial action can be taken. 


Personal popularity (or unpopularity) isn’t a measure either. I knew one HIA who was convinced that being unpopular was a sign of rigour in the way he worked. He didn’t acknowledge that it also disastrously inhibited his ability to do the job. His replacement was someone who commanded respect and did a far more effective job just as rigorously.


Finally, of course, there’s no reason to link HIA performance and the performance of the organisation. The tendency is to believe that everyone’s doing well when the organisation is in good shape, and to treat everything and everyone as suspect in an organisation doing badly. But unless the HIA or internal audit is specifically implicated in a disaster, performance cannot realistically be linked in this way. 


The performance matrix
The performance matrix in the chart (below) shows a suggested framework. It identifies the three main roles of the HIA: 

  • a professional role as expert
  • a line management role as head of function
  • an organisation-wide role as a member of the senior management team.


It’s in the interests of the HIA for each to be recognised in the measurement process.


Against each role, three comparisons should be made. These are performance against plan or objective, performance against others and performance against opportunity (what might have been).


Most organisations focus on performance against plan alone, which is not enough. Plans are difficult to set, and it isn’t unknown for HIAs to set levels over-conservatively. Hence the need to look at all three comparisons. Note that the matrix does not include performance against last year. This is because unless change is against an objective, the past is of limited relevance in measuring performance. 


The performance matrix also gives examples of the kinds of measures which might be used (measure here doesn’t necessarily mean a number): 

  • performance against objective might cover a plan to disseminate good risk management practice
  • performance against others might be how well the HIA compares with others as leader of a team of professionals
  • performance against opportunity might be based on a look back at how an issue which came up during the year was dealt with compared with how it might have been tackled.  


An indication of the relative difficulty of finding measures is given for each comparison. This is only illustrative. It will vary between organisations and may well vary over time. The toughest aspect is what’s possible as a technical expert – a measurement problem common to other professional heads.


Taking each comparison in turn: 

  • Comparison with plan/objective
    This will be based on the budget but will need to go further than most budgets, which tend to focus on activity and process. Achievement of the audit plan is certainly important, but measures should also cover outcome and be linked to the risk agenda.


  • Compared with others
    The comparisons will be both internal and external. Even internal feedback needs to go further than straightforward figures – staff commitment based on the annual staff questionnaire might well give an indication of comparison with other functional heads, but commitment levels need to be interpreted in the light of staffing policy.  

    Finding external comparisons will rarely be easy. So it may be necessary to split the function into parts that can be compared, rather than looking at the function as a whole. For example, an assessment of quality of communication with the rest of the organisation or team leader qualities can be compared with leaders of other teams.


  • Compared with what’s possible
    Although only one of the boxes in the performance matrix is coloured red, it needs to be acknowledged that all measurement against opportunity is difficult. Independence of mind compared with the best possible standards is crucial, but may be difficult to pin down. This is where outsiders can play an important role (see below).


For most of the comparisons with what’s possible, we will never know what might have happened without the intervention of the HIA.  Circumstances are so varied when this is assessed that it’s not easy even for the HIA to answer the question ‘How well might I have done if I’d known more?’


Nevertheless, the best HIAs will be asking themselves questions of this kind as a means of improving their performance, and they should certainly form part of any personal annual appraisal. 360 degree feedback should also help here, particularly on the views of internal audit team members.  


In each case, commentary is essential and the results will be indications rather than conclusions. Numbers need also to be put in context, acknowledging the limitations of the data and of the measures used.


The role of outsiders
HIAs sometimes forget just how little many colleagues understand about their role, not least the dividing line between what is required and what is discretionary. Indeed the first time that colleagues may be aware of the quality of the HIA is when a successor arrives. This is just one reason why outsiders are so important to measurement.


Another is to help in making independent judgements. Even performance against objectives is rarely straightforward, since audit programmes and priorities change to varying degrees during the year. There’s also the need for judgement to take account of lags between actions taken and the results being evident.


So measurement needs to be more than asking a few colleagues ‘How happy are you with internal audit?’ The external experience of non-executive directors (especially those on the audit committee) as well as the auditors can add valuable insights. If possible, benchmarking using outside sources should be used. The top class HIA will always want to be aware of best practice.


Implications and conclusion
Using a performance matrix, adapted as necessary to the organisation, will provide better measures than an ad hoc measurement framework which does not acknowledge the multiplicity of HIA roles and the need for appropriate comparisons. The HIA can help the process by ensuring that colleagues fully understand the role.


Sending material about internal audit may be useful but is no substitute for face-to-face discussion – budget time provides a good excuse. Discussions are also much more likely to get feedback that is deeper and subtler than a questionnaire. Busy colleagues will fill in questionnaires as a duty, but not generally have time (or know enough) to complete descriptive boxes.


Existing methods may be limited, possibly ambiguous and probably uninformed. They may also be comfortable. Taking the initiative to go for something better structured is a risk. But HIAs are well able to judge risk. They will know that they have more to gain from a better-informed assessment than by taking their chances by continuing with a poor one. 


This is an adapted version of an article first published in Internal Auditing and Business Risk in January 2006.


Andrew Likierman is Dean of the London Business School

The audit of tax
What are the key risk areas in tax and how should we approach tax when planning for 2014-15 and beyond?

What are the key risk areas in tax and how should we approach tax when planning for 2014-15 and beyond?

The following is an abridged text from a lecture given by Ian Hersey ACA, FCCA – director, finance, Barclays Internal Audit at a recent ACCA / IIA networking forum.

The world we are in at the moment - scrutiny of multinational companies’ tax arrangements
Any hint that a company is not paying its fair share of tax is deemed newsworthy. Part of that is due to the climate that we have been – and are still - in where there has been a significant difference between the tax take and the required spending of government.


Government has sought to maximise tax revenues and companies’ tax arrangements have attracted huge attention. Amazon, Google, and Starbucks have recently attracted media headlines but it is not all hot air by the media – there is real scrutiny by the government as well with the Commons’ Public Accounts Committee quizzing company bosses.


It is therefore critical that risk appetite is calibrated by a company and that there is appropriate governance to ensure that what a company does is in accordance with that risk appetite – there needs to be recognition of the reputational risk that companies are running that can have material adverse impact on the company.


Tax avoidance or planning
Tax evasion is where a company dishonestly reduces its tax liability by misrepresenting assets or income for the purposes of paying less tax. There is no judgement or subjectivity – this behaviour is wrong.


More difficult is the judgement between tax avoidance and tax planning. Tax avoidance is abiding by the letter – but not the spirit – of the tax law. Clever tax accountants weave through tax law to get an advantage – often through contrived, complicated structures. It is bending the rules of the tax system to gain a tax advantage that Parliament never intended. However, tax planning involves using tax reliefs for the purpose for which they were intended, eg claiming tax relief on capital investment which Parliament wishes to encourage.


But what is avoidance and what is planning? It can be a fine line and there can be a huge grey area in the middle.


Multinationals’ tax arrangements
The most high profile examples of multinationals managing their tax affairs are Google and Amazon, but many multinationals use the same arrangements. These companies break down the end-to-end activities into component parts which give rise to tax benefits.


Using Amazon’s arrangements as an example – a customer orders something online and a few days later receives it through the post. Amazon could structure it so that it is a UK company executing on that whole transaction end to end. Typically though, partly due to the complexity and the global nature and the number of markets they operate in, Amazon breaks down that end to end profit generation into various component parts. Although the customer has bought through the website, the customer is actually transacting with Amazon’s Luxembourg company.


The UK company fulfils the order through distribution warehouses in the UK and is remunerated on a ‘cost plus basis’ (ie a mark up on the actual costs) by the Luxembourg company. The end to end transaction has been broken up into a number of component parts and the true profit – the difference between all of Amazon’s costs and the revenues that the customers are paying – occur in different jurisdictions.


Luxembourg is not a low tax jurisdiction but it allows more tax deductions for interest expenses than the UK does, and also allows IP royalties to be collected without withholding tax.


With Google, the UK is a key market and the UK business provides marketing services to Google Ireland and research & development to Google US. It does not itself directly transact with customers. Google’s sales revenues in the UK are approximately £400m which it recharges to the Irish or US company. The vast majority of Google’s European income is generated in Ireland where there is some $10bn of sales. Ireland has one of Europe’s lowest corporation tax rates at just 12.5%.


Many multinationals also make use of special purpose entities and companies in low tax jurisdictions.


It begs the question – is it right for companies to split activities in this way? Current tax rules are not equipped to deal with tax issues arising in a global and digital economy. Governments are re-visiting transfer pricing rules in recognition that the global and digital economy provides tax planning opportunities to companies.


What happened at my employer, Barclays, provoked a sea change in Barclays’ attitude and activities and governance in relation to tax. Barclays used two tax schemes – debt buyback and investment funds tax credits – but in February 2012, the government stated publicly that these are ‘not transactions that a bank…should be undertaking’.


The government initiated a retrospective change in tax law so the benefits that Barclays had gained were unwound and Barclays had to pay additional cash to the tax authorities. Additionally the government said that the transactions that Barclays had undertaken were not, in its view, in compliance with the UK banking code by which Barclays was bound.


As well as the huge reputational damage that this caused Barclays and the financial impact, it poisoned their relationship with the tax authorities. It became apparent that while Barclays was good at technical tax analysis, it was less good at reading the mood of tax authorities. It just did not see this coming. There was recognition within Barclays that it needed to get closer to tax authorities, and to think about what its risk appetite should be, and make sure there was appropriate governance to support the execution of that risk appetite.


In February 2013, Barclays announced that it would close its structured capital markets business and would no longer engage in complex structures where the primary objectives were to access tax benefits. It also published a set of Tax Principles to govern all future tax-related activity. All transactions would, in future:


  • support genuine commercial activity
  • comply with generally accepted custom and practice, in addition to the law and the UK code of practice on taxation of banks
  • be of a type that the tax authorities would expect
  • only take place with customers and clients sophisticated enough to assess its risks
  • be consistent with, and be seen to be consistent with, our purpose and values.


Tax compliance
Considerations that multi-nationals should have when they are reviewing transactions (some only apply to financial institutions):


  • tax law and treaties – aside from the reputational aspect, management needs to have the right level of review of transactions internally and ensure that experts are involved where appropriate. No company should enter into a tax position without requisite specialist knowledge. Where expertise is not available in-house, external expertise should be sought
  • The Code of Practice on Taxation for Banks states that banks should:
    • adopt adequate governance to control the types of transactions they enter into
    • not undertake tax planning that aims to achieve a tax result that is contrary to the intentions of Parliament (management must show that it has made this assessment and that what it is doing is in line with the intentions of Parliament)
    • comply fully with all their tax obligations
    • maintain a transparent relationship with HMRC (for example, Barclays discloses sensitive transactions to HMRC on a timely basis but it depends on what is appropriate for your business as to what and when you disclose to HMRC). There should be an open relationship based on trust
    • General Anti-Abuse Rule (GAAR) – applies from 17 July 2013 – as with the Code of Practice on Taxation for banks, management must be able to articulate how tax planning complies with GAAR over and above the technical analysis
  • Disclosure of Tax Avoidance Schemes (DoTAS) by the scheme promoter – if your company is promoting tax schemes it should assess whether HMRC should be notified.

Audit considerations

  • There should be a governance structure to assess transactions – Internal Audit should assess the design and operating effectiveness of controls. All parties need to have full regard to the reputational aspect aside from the technical tax analysis.
  • Completeness – the huge geographical spread of multinationals means that it is critical that all transactions go through the governance structure.
  • Appropriate sign-off of transactions.
  • Tax technical analysis – if this is not available in-house then co-sourcing or advice from counsel should be considered, particularly in countries where a  multinational does not do a significant volume of business and there is not an appointed tax person.


Ten years ago, the above would have been sufficient. Not any more though – now there is a need to think about the reputational aspect so further considerations include:


  • Are the transactions compliant with UK GAAR/Code of Practice on Taxation for Banks/DoTAS?
  • Are the transactions compliant with the tax principles?
  • Are you engaging with tax authorities on a regular basis and disclosing as necessary?
  • Treatment of the backbook – governance must cover the stock as well as the flow.
  • Provisioning – this is judgemental and can materially impact on the financial statements so the governance around determining appropriate provisioning levels both from the inception of the transaction and the revisitation as facts and circumstances change is important.


Background to operational taxes – the forgotten area of taxes 

Operational taxes
Taxes such as corporation tax are within the control of the tax department. However, with operational taxes, the tax department is dependent on operations designing and correctly operating the key controls around operational taxes on their behalf – key controls to ensure compliance with withholding or reporting requirements. 

For example, Barclays is required to deduct tax on the interest paid to its customers. The tax department does not operate the control that flags those customers as UK taxpayers – that control will be operated by operations. In certain circumstances, if certain criteria are met, Barclays can pay gross interest and does not have to deduct tax, but it can only do that if certain criteria are met. Operations will assess whether these criteria have been met and the customer can be paid gross but it will not be the tax department doing that, so tax has a dependency on operations. While the tax department will know the tax legislation and will tell operations what the tax law says, it is for operations to act on that information, design appropriate controls and ensure that those controls are operating effectively.

Management of operational taxes can be extremely challenging – there are many taxes and they differ in each jurisdiction. Therefore it is critical that you have:


  • a framework detailing respective responsibilities of business, operations, finance and tax
  • ownership of the end-to-end process
  • clarity of roles and responsibilities.


Without these, there will be risk events. This risk has been exacerbated by government demands. There is huge demand for information-sharing of citizens of different jurisdictions. As an example, in the near future, banks in Jersey will have to tell the UK tax authorities about assets and income that are held by UK customers in Jersey bank accounts. That requires substantive augmentation and improvement to client on-boarding systems so that the Jersey bank can identify UK customers when they walk through the door.


Global trend – tax information sharing
FATCA (Foreign Account Tax Compliance Act) is unprecedented in its demands on financial institutions but is part of a larger trend of information sharing of taxpayers across jurisdictions. There are already a number of Tax Information Exchange Agreements in place (eg UK Swiss tax agreement was signed in 2011). There is also the EU Savings Directive and the Qualified Intermediary regime.


A raft of new announcements in the past few months is taking it to a whole new level:


  • UK – Crown Dependencies Agreements: financial institutions in Jersey, Guernsey and the Isle of Man (the Crown Dependencies) will be obliged to automatically provide information to HMRC on UK resident clients in respect of 2014 onward. This is a global trend – it will shortly be EU wide and then probably global in the not too distant future
  • G8 announcement on 18 June: to ‘fight the scourge of tax evasion, governments agreed to give each other automatic access to information on their residents' tax affairs and to require shell companies to identify their effective owners’
  • G20 announcement on 6 Sept: committed to a new global standard based on automatic tax information exchange. OECD to draw up the standard by February 2014. Target is information exchange reporting from 2016 (of 2015 data).


What is FATCA and why is it important?
The Foreign Account Tax Compliance Act (FACTA) aims to prevent US taxpayers from using offshore accounts to evade tax. It obligates Foreign Financial Institutions (FFI)  (banks, brokers, administrators) to report information about US account holders by means of a ‘voluntary’ arrangement (the FFI Agreement) with the US tax authorities (the IRS).


While it has been badged as voluntary, in reality the penalties for failure to comply are so punitive that there is no choice but to comply. The penalty is a 30% withholding tax on certain payments to non-compliant entities, eg if a bank does not comply, then US entities and participating FFIs will withhold 30% from certain payments to the entity.

FACTA is important to FFIs because of the withholding risk and reputation risk. If you do not comply then that could cause a perception in the market that you do not have appropriate systems and damage your reputation.


FACTA has a worldwide impact for multinationals – it is global so there needs to be appropriate systems and controls. Every entity and branch needs to be classified and assessed. For an institution like Barclays with its spread and global reach, that is a massive exercise and Barclays has had a change project since 2011 to ensure it meets the requirements of FACTA.


UK legislation meant that it was not legally possibly to comply with FACTA because of EU data protection legislation under which data about UK citizens could not be sent outside of the EU. The workaround that has been established is that, instead, information is reported to HMRC (the home tax authority) which will then pass the information to the IRS.


Transfer pricing
Multi-nationals operating in a number of different jurisdictions need to have regard to transfer pricing. Where a company transacts directly with a customer, it sets a price and the market determines what that price is. However, if a Barclays UK entity transacts with a Barclays US entity then it is all internal and not subject to the same supply and demand that would otherwise set the price. To prevent the revenue and profit going through the country with the lower tax rate, transfer pricing legislation requires a company to put an arm’s length approximation of a fair value on internal transactions.


Typically, companies need to assess where the substance of the activities is undertaken. If all the work is done in a high tax jurisdiction then that is where the profits need to be shown. Additionally, the tax authorities would look for some profit – after all, if the transaction were external then the third party would not seek to just reimburse their costs. If there is no evidence of a cost plus basis the company will be charged by the tax authorities.


Where there are intra-group trading and transactions, internal audit should look for a transfer pricing methodology to be in place in every jurisdiction. The tax department should be putting that together in conjunction with experts including co-source where necessary. In addition, internal audit would want to ensure that the finance department, in conjunction with the tax department, is correctly applying the methodology.


Tax investigations and tax audits will happen – you cannot satisfy all tax authorities. All tax authorities want to see as much income as possible routed through their country – they want to have as much taxable profit and maximise their tax take, so being challenged by tax authorities is just the nature of being a global multi-national company. It does not necessarily mean that there is a control issue. If there are adverse findings and the tax authorities say that they disagree and they are going to levy additional fines because you should have been booking more of your revenue and profits in the UK, it doesn’t mean that it is a control issue per se.


Deferred tax assets (DTA)
Deferred tax assets can arise on temporary timing differences, difference between the tax base of asset and liability, but also they can arise as a result of tax losses. During the crisis, many financial institutions had material deferred tax assets.


In most jurisdictions, if you generate a tax loss then you can carry it forward. If in 2011 you generated a loss of £50m, that would give rise to a deferred tax asset of say £10m. If you started making profits in 2013 and 2014 then you would not have to pay tax as you could offset it against the tax losses that you generated in 2011.


It must be probable that tax profit will be available against which you can use a DTA. Management would make the case that recognition of deferred tax asset is justifiable on the basis of profit forecast. Internal auditors should look at the controls around the preparation of forecasts – you cannot have management anticipating forecasts of one position while another forecast is being used to support the recognition of a DTA – it has to be joined up and those forecasts have to be reasonable rather than based on heroic assumptions.


VAT/corporation tax/employment taxes
These bread and butter taxes are important even if they do not have the same impact on reputation and are not as high profile: 


  • VAT systems and processes are complex – Barclays has 50 or so system feeds that drive the UK tax return. Most multi-nationals will have a similar degree of complexity. There will be different sales tax rules in different jurisdictions and partial exemption is tricky as is reverse charging
  • increasing challenge from tax authorities – is there documented end to end process flow, and how is the VAT department monitoring the operation of controls?


Corporation tax

  • reporting deadlines are tight if you are a group because of the need to go to the market. Typically you have only four weeks post the finalisation of financial statements to get a materially correct tax provision figure. Often there is a circling back for tax return purposes when the figures are examined more closely, but if internal audit is seeing big differences between what is in the group financial statements and what is actually in the tax return, it would suggest that the tax department has not been as precise as it should have been for group financial statement purposes
  • compliance – appropriate reviews by people with sufficient experience
  • a consideration that IA has to make is on engaging co-source – for the majority of the people in the IA team, tax is one of the things that they work on but they would not be able to go head to head with the tax department on a technical analysis.


Employment taxes          
If you look at any company’s tax contribution, typically the largest part will be in relation to employment taxes: 

  • often calculated by HR but there needs to be an appropriate level of oversight by the tax department
  • expatriate tax – is there appropriate monitoring over expatriates and whether they are paying the right amount of tax? There need to be controls monitoring which jurisdictions people are flying into - where people are doing business can result in exposure from both the personal tax and corporate tax perspective.
Business report writing
Top tips for writing an effective business report.

Top tips for writing an effective business report.


In the business world the written word is king. It is by email, report, proposal that we seek to promote our ideas, our solutions, ourselves and our organisations. Our written work influences people’s judgement about us. The ability to write cogent, impactful reports is a key element of communication effectiveness.


An effective report is one that focuses on both its purpose and audience and is accurate, logical, clear and as concise as possible. It needs to have a form and shape – structure – to help the writer organise and present the material logically and for the reader to find his or her way about and to digest its content. 


The choice of structure should be determined by the purpose of the report and especially the needs, expectations and attention span of readers. Do not be a slave to ‘standard’ formats if they will not provide the impact you need.


There is a significant amount of advice available in this area, but here are some key things to consider.


Be focused, clear and concise
Consider what the report is to be about and who the report is intended for. Ensure you are absolutely clear on the purpose of the report. Focus on brevity and provide vital information in the least amount of space possible. Use appendices to cover detail and support information which will be of value to some but not all readers.


These are the building blocks of our writing. Use simple and straightforward language. Don’t reach for impressive vocabulary. Your aim is to explain or persuade, not amuse. Avoid jargon and technical phrases unless you know your readers are familiar with them. If they are unavoidable, make sure you explain them.


Ensure you consider what the report should cover and consider what your target audience will essentially be looking for. Make restrictions on scope crystal clear.


Know what you want to say
Clearly understand this vital premise first before you even start writing. Your writing must support, explain and emphasise your key messages. All content should support your overall objective.


Prepare an outline
Before actually beginning the task of writing a business report, prepare a thorough and comprehensive outline. This will ensure that you cover all the ground you need to.


Break down into chunks under headings, eg: 

a)    Title page (or title section) - include the report name, author name, and date. It's also a good idea to include the reason for reading the report. If longer, your title section could also include a table of contents. 

b)    Executive summary - maximum one page. Summarise the problem you're trying to solve, list the most important information or results, and detail any action steps that you recommend. This is where more senior and busy individuals will go first for information, and sometimes no further. This needs to be absolutely clear and succinct. 

c)    Methodology - describe the methods you used in your research to reach the conclusions you have drawn. 

d)    Introduction - tell readers why they need to read this report, and give a very brief overview of what you're going to cover in the main body of the report. 

e)    Main body - present your research, and make your case – and remember to present the most important information first. 

f)     Conclusion - analyse the results of your research, and bring everything together. Many people will also read this section on the back of the executive summary, so keep it short and simple. 

g)    Recommendations - list the actions you think readers – or the company – should take to solve the problem you're addressing in the report. 

h)    Appendix - include all of your sources and research information in detail. Few people read the appendix carefully, but this is the information and key pieces of evidence that supports your arguments, so it must be included.


Check the report and get other opinions
Does the report meet the objectives? Are the key messages clear and supported by the content of the report? Is the report consistent in content and style throughout? Perform a spell check and grammar check. Remember that spell checks don't highlight wrong words that are spelt correctly. Carefully proofread it twice and on the second occasion read it out loud. Then have the report read by others for an objective opinion as to whether it hits the mark.


Remember that commercial reputation doesn’t just rest with your character and values, it also rests with the quality and type of work that you produce. A thoroughly researched and thought through report will go a long way to demonstrate skills and the ability to then communicate this effectively through the written word.


Ingle Dawson – director, Inspirational Development Group

Have you made your CPD declaration?
Your annual CPD declaration for 2013 is due for submission to ACCA by 1 January 2014.

Your annual CPD declaration for 2013 is due for submission to ACCA by 1 January 2014. The easiest way to make your annual declaration is online via your myACCA e-business account. Alternatively, you can complete the CPD declaration form sent to you with your membership renewal pack in November. Visit our website for more information on your CPD requirements or for CPD opportunities.

Fulfil your management and leadership potential
ACCA has partnered with the Chartered Management Institute (CMI) to help members fulfil their management potential.

ACCA has partnered with the Chartered Management Institute (CMI) to help members fulfil their management potential. 

Accountants are an important source for future leaders in business. Indeed, 67% of CEOs of FTSE Top 100 companies have financial backgrounds. In order to fully progress your career you need to continue to develop your technical competence, strategic vision and leadership skills. The UK Commission for Employment and Skills (UKCES) reports that effective management and leadership skills were among the skill sets most prominently identified as a priority by members of the profession. 

ACCA has recognised the need to provide practical support to help you fulfil your management and leadership development training needs and has been working with CMI since 2010 to promote the benefits of CMI membership to ACCA members. 

CMI can now confirm that all ACCA members who have completed the ACCA qualification are eligible for both CMI membership AND for CMI’s qualified route to gaining the Chartered Manager (CMgr) award

ACCA members who apply to become a CMgr will benefit from a 50% reduction in the annual membership fee as well as from the recognition for the management development already undertaken as part of their ACCA qualification. Gaining the CMgr award will provide evidence that you have high level management skills. 

More information and how to apply