THE Institute of Internal Auditors Zimbabwe recently held its annual conference in Vitoria Falls.
At the end of the conference, a new presidium headed by Tafireyi Nyamazana (TN), was elected.
It will lead the organisation for the next two years. In this interview with our deputy business editor, Tatira Zwinoira (TZ), Nyamazana discloses several issues affecting the profession.
These include exchange rate disparities, cybersecurity breaches, and fraud. But he notes that the profession was on top of the situation. Below, are excerpts of that interview:
TZ: What are the challenges facing internal auditors today? I understand cyber security related risks, fraud and hyperinflation are among these challenges
TN: We align with a lot of what the Risk and Focus Report 2024 (which was released at the conference) is saying. I think the idea is to say what are the key risks that we are facing as an industry?
Some risks are more important than others, depending on where you are sitting in the industry.
We know that globally, the world economy is not doing well. We know that China (the world’s second biggest economy) is not growing as fast as it has normally done.
- ‘Bribe-taking bigwigs stifle corruption war’
- Internal auditors are dealing with many emerging issues
Keep Reading
So that is a big challenge for the profession. This challenge is not just for the profession but for organisations and economies.
If organisations suffer, everyone in that organisation suffers.
If the country suffers, then everyone in the country suffers.
In Africa, Zimbabwe in particular, we have had our own challenges. Some of the challenges are arising from internal issues. But others are arising from externally related issues.
TZ: What is the role of the internal auditor in all these scenarios that you have outlined?
TN: As an auditor, you want to understand these issues, which weigh organisations down, and come up with controls to make sure the organisations survive, even though the environment may not be good.
TZ: Tell us about cyber security threats as a challenge to internal auditing
TN: We know that issues of cyber security are being encountered daily in Zimbabwe. But when you are attacked, you donot go around telling people.
TZ: So, you are saying auditors are finding these things and organisations are keeping them to themselves? You mean organisations are not letting auditors know that they have been hacked or there are scams happening?
TN: Generally, organisations will not go on the rooftop. We are at that stage where people think this is shameful. To me, when someone tries to hack you or phish or implement similar scams, it is like someone who has tried to rob you.
People donot talk about those things openly. But, we know that these things are happening within Zimbabwe.
TZ: Tell us about statistics on cyber-attacks.
TN: Hundreds of millions of attacks are happening globally all the time. Our role is to say to organisations, ‘have we put the controls in place?’ The best controls are to make it as difficult as possible for (a cyber attacker) to intrude into our systems?
TZ: How can this be achieved?
TN: If, for example, you didnot lock your doors, there would be room for someone to come in.
If you lock your door, they will still try to come in but struggle a bit. If you put bugler bars and CCTVs the intruder would be less inclined to go into your home. That is what we are trying to promote and push organisation to do.
TZ: Can we have full proof controls?
TN: There is no control that is going to be 100% perfect.
The idea is to make it as difficult as possible for someone who wants to penetrate an organisation to do so.
TZ: Do you report to authorities when companies are hacked, and when there is fraud?
TN: It is not our responsibility to go and report to anyone. Remember, we are internal auditors.
Our responsibility is to our board. We prepare and give relevant information to our boards and senior management. But we are not waiting for the companies to be hacked. I think that is where we must be clear.
As internal auditors, we are proactively going up front to put certain controls in place so that we can minimise or deter hackers or intruders from going into our systems. One of the most effective ways to do this is to create awareness in the organisation. It is the most effective deterrent.
TZ: Besides these challenges, do currency volatilities facing Zimbabwe make the job of an auditor difficult?
TN:Yes. Seriously, how do you report your income when you have a number of currencies to deal with?
TZ: Now we have the Zimbabwe gold (Zig) on the way.
TN: We donot know what that means. But look, we are just banking on authorities. Whatever policy that they are putting in place is to try to manage and contain the situation and make it better.
How many times have you gone into a shop, you give them US$10 and the person prints you a Zimbabwean dollar receipt?
When such things are happening, they are fertile grounds for fraudulent transactions and obviously those are the sort of things that worry us as internal auditors. When you go into such situations, you are creating room for such practices.
TZ: Would you say that the lack of legislation to give or to enforce that organisations listen to the recommendations made by the auditor is also a problem?
TN: We agreed at the last AFIIA (African Federation of Institutes of Internal Auditors) conference to give a team leeway to draw up principles around legislation around the internal audit function.
And once those principles are drawn, they will be shared with us, the affiliate organisations so that we can give our input before they are finalised.
But at the end of the day, you might have the best legislation in the world but there are things of ethical conduct, things of value which are very critical for us as a profession.
