control, and governance
20 Under 30 — Page 2
In the space of just seven years, Alexandra Kirsanova went from internal audit intern to chief audit executive, and a former colleague describes her as “one of the brightest and the most enthusiastic internal auditors in Russia.” In fact, she’s in the first wave of professional internal auditors in that country. “I consider a key factor of my success my readiness to assimilate a new profession when it was in the process of active formation,” she explains. “In the Russian Federation, the internal audit profession is rather young, and the local institute of The IIA was only established in 2000.” For her own professional development, then, it was necessary to “travel extensively all over the country to be engaged in internal audit projects, study hard and pass the IIA certifications exams, find ways to gain worldwide experience, and, of course, be ready to learn from my own mistakes.” She says she believes in passing that knowledge on, too, both inside and outside her organization. She participates in various activities of IIA–Russia, for example, by making presentations at meetings and taking part in roundtables. “It is especially important that she promotes the internal audit profession not only in Moscow, but also in outlying regions,” a colleague says, including the Nizhny Novgorod and St. Petersburg areas. Her proudest achievement, she says, is the success enjoyed by the internal auditors she’s trained. “The majority of them previously had no experience in internal audit, compliance, or risk management,” the Moscow State University of International Relations graduate says. “I am proud that they achieve professional success, pass IIA certification exams, and move ahead on their career paths.”
Knowing what needs to be done doesn’t help much if you can’t communicate it to the people who need to do it, and nobody understands that better than Michael Levy at Deloitte in Philadelphia. He specializes in the design, implementation, assessment, and optimization of business processes and general IT controls, and boasts significant experience in identifying and assessing controls and performing risk assessments, Sarbanes-Oxley Section 404 audits, and IT audits. “An internal auditor’s job is to independently evaluate and help improve an organization’s effectiveness around risk management, controls, and the governance process,” the Rutgers University graduate says. “A key to achieving these objectives is not only the ability to identify issues, but to communicate difficult issues and help determine solutions. One of the most significant keys to my success is my ability to formulate solutions to complex issues and to communicate productively the findings and solutions to both stakeholders and process owners.” He’s put that skill to use as the lead senior consultant on a global internal audit project for a large chemical manufacturing company and in leading the internal control over financial reporting audit for a multibillion-dollar retailer, including development of testing approaches for some of the company’s most complex areas. “The role of internal audit is evolving into a critical component of every successful company,” he notes. “Internal auditors no longer just review financial statement controls; the role has evolved into that of a trusted business adviser who helps lead an organization to success. As the profession continues to grow, I predict this role will become an even larger, more integral part of a company’s ability to drive compliance, operational efficiencies, and overall success.”
Having had a lot of guidance in his career, Jesse Cohen gives the people who helped show him the way credit for his success. “I’ve been blessed to have a long line of extremely talented and gracious teachers who have taken the time to share their collective knowledge and wisdom with me,” he explains. Clearly, some of their talent has rubbed off. After graduating from the University of Memphis and earning a masters in business administration from Louisiana State University, Cohen went to work as an international auditor, traveling across multiple continents while performing factory operations audits, business unit financial reviews, and fraud investigations. Cohen also was instrumental in developing his previous employer’s first global integrated audit management software platform. At his current post, he led his company’s first Foreign Corrupt Practices Act (FCPA) compliance review and subsequently helped to establish a world-class FCPA compliance program. Cohen has recently taken supervisory responsibility for all audit activities in Mexico and Brazil. He also developed new analytical tools and reports that assisted his team in recovering almost US $13 million in unpaid vendor funding during just one fiscal year. At the end of the day, though, Cohen has learned that balance is the key to a successful career. He offers this advice for the next generation of auditors: “It’s important to maintain an appropriate perspective on your work-life balance. For all its positives, audit isn’t the easiest career in the world … the hours can be long and the demands high. The key is to remember that no one ever looks back at their life and wishes they had spent more time working.”
Vice President/Principal Auditor for Corporate Banking and Securities
Deutsche Bank AG
Stella Hu has built her present and future on the solid foundation of her past. “The key to my success is growing up in a family dedicated to the core values of integrity, ambition, and diligence,” she says. “Seeing my parents build a small business from the ground up, I witnessed how determination, hard work, and principle lead to success. As I bring these values to the internal audit field, I set expectations and strive to exceed them throughout my career.” And, she adds, “I have learned a great deal from my talented and dedicated colleagues, and have had the support of many mentors, both in the United States and globally, who have encouraged me to pursue my goals and provided opportunities to broaden my professional abilities.” One result of that: The University of North Carolina at Chapel Hill graduate is the youngest vice president in a global investment banking audit department with nearly 400 staffers. Hu’s been promoted three times in the last five years and coordinates staff in New York; Jacksonville, Fla.; London; Hong Kong; and several other international business centers. Now she’s involved in what a colleague calls “a high-profile audit of a commodities business headquartered in London” that involves directing staff there, in New York, and Singapore. She also has made valuable contributions to theme-based audit engagements, such as risk management, payments, and “portfolio margining” by identifying high-risk issues related to payment authentication, collateral management, and valuations. Her professional accomplishments are mirrored in her personal life as well. She is proficient in both Mandarin and Cantonese Chinese and is semi-fluent in French and Spanish, is an accomplished pianist, and has participated in the Royal Conservatory Music program for almost a decade.
First and foremost, Hui Jing Teo attributes her success to keeping an open mind. Doing so, she says, “leads me to consider different perspectives of risks and controls, enabling me to make an informed assessment of risk management in the organization.” That’s especially important, she adds, because her company has various teams and organizations that only manage parts of a single end-to-end process. “When providing recommendations,” she emphasizes, “keeping an open mind about the implications of changes also has allowed me to make more actionable recommendations to the organizations instead of high-level suggestions.” Of course, she also values a deep understanding of the technology that increasingly powers the profession. “Companies around the world are becoming more aware of the concept of risks and controls and, as they look to be more productive, there will be greater dependence on IT systems within a company and more network linkages outside the company,” she says. “Many controls we see today might be executed through IT systems in the future, and in the next 20 years the internal audit profession will shift to auditing more IT system-type controls and there might be a blur between the scope of work of an IT auditor and an operational-financial auditor.” Today, though, the graduate of Nanyang Technological University in Singapore busies herself with more traditional internal audit functions. She’s successfully led and executed several complex, large worldwide, regional, and country-level operational and Sarbanes-Oxley audit projects and, according to a colleague, many of her findings have resulted in “impactful improvements to business processes.” She also helped in improving her department’s audit processes. Two examples: She developed standard audit programs for customer discounts and promotions processes for her division, and she assisted in improving the efficiency of its Sarbanes-Oxley assessments.
Hugo Alhinho sees tremendous change on the horizon. “The days of planning audits on a rotational cycle of three to five years are gone,” he says. “The dynamism of the business environment is forcing companies to evolve or dissolve, and internal audit needs to keep pace with the business and audit the strategic risks to ensure the evolution is effectively planned and the associated risks are identified, evaluated, monitored, and managed.” That means, in part, he adds, following those changes by conducting investigations and audits to ensure that the organization’s process control framework still represents the right risks and controls. But it also means “anticipating the industry-related risks and ensuring that discussions occur at the highest levels to review the external environment and pre-plan transitions to maintain or enhance market position.” The graduate of ISCTE-IUL: Lisbon University Institute joined Shell Internal Audit at the start of a project to address the company’s “big data” environment through continuous and, where possible, fully automated, substantive controls testing, and his work has delivered what a colleague calls “a step change in the way audits are planned, executed, and perceived globally.” He’s credited with helping to identify exceptions and efficiency gains that were not visible through traditional auditing, significantly improving financial quantification of those exceptions. And he’s assisted in developing a technical infrastructure to homogenize disparate data, facilitating cross-application reporting and thus providing deeper insights into hot spots by location, business, and process. “I see the future of internal audit focusing more on data-driven investigations and audits,” he says. “That will require a different, hybrid skills set with internal auditors required to understand the financial-operational and technological impact of their work.”
Sarah Purkeypile says she owes much of her success to her involvement with The IIA — and her willingness to ask questions when others might not. “The key to success is a great network,” she emphasizes. “I quickly developed a network through my work with The IIA locally and across the United States, and have also kept in touch with people I have worked closely with over the years.” She tapped that network for career guidance, ethical advice, best practices, and professional references, and has introduced others when she saw needs, opportunities, and skills that fit together. A colleague says that she’s “the go-to person for training new employees, template development, and engagement methodology expertise,” and notes that, at a former employer, the Texas Tech University grad developed and implemented an internal audit engagement methodology to prepare for a successful external quality assessment. Now, she participates in assurance and advisory engagements from front-line, customer-facing process audits to back-office, revenue-impacting engagement reviews. She also mentors, coaches, and supervises teams in day-to-day activities, status meetings, and strategic discussions with executive management. In her capacity as president of The IIA’s Denver Chapter, she makes presentations to local universities about the internal audit certification processes and the importance of the internal audit profession. “Don’t be afraid to put yourself out there and take chances,” she advises. “You’ll never receive anything you do not ask for!” It’s important to ask for a new challenge when you feel underutilized, she urges, and to ask questions others are afraid to ask. Ask management what it needs to get its job done — and then help connect managers with those resources, she adds. “In short, ask yourself how you can make your organization better.”
Brandon Tanous is successful because of his desire to learn and his ability to listen — and his zeal for imparting internal audit insights to clients and colleagues. The Texas State University graduate helped transform his agency’s audit shop from what a colleague called “a feared, inspection-based audit group” into a control-based and client-centered audit department known for educating and assisting clients. He mentors and teaches audit staff on the theory and application of audit standards, and educates clients with his self-termed boot camp, “How to Prepare for an Audit,” and courses such as “The Transformation of the TX DPS Office of Audit and Inspection” and “Internal Controls and the DPS Assurance Continuum.” Those presentations — and the people skills he uses to make them resonate with his audiences — have made his audit shop stronger and more approachable to clients. He also has presented courses at the Texas State Auditors Office Conference, The IIA’s Southern Regional Conference, and the International Law Enforcement Auditor’s Association Annual Conference. Last year he co-authored and published a case in the Association of Certified Fraud Examiners’ Bribery and Corruption Casebook: A View From Under the Table. Tanous also leads a team that develops risk and control self-assessments. His efforts, a colleague reports, are building a foundation of risk management in an environment that does not naturally support the concept. Still, Tanous says the professional accomplishment he’s proudest of is obtaining his CIA designation. “The certification process was a long and tedious endeavor that helped establish my credibility to clients and colleagues,” he says. “I feel that obtaining certification took more dedication and attention than any other task that I have faced.”
Russell A. Jackson is a freelance writer based in West Hollywood, Calif.
Also in this issue: