Helping management control their business
Deloitte partner Neil Brown helps businesses strengthen their internal controls and processes
Internal auditors used to have the job of policing, tracking down employees who cheated on expense accounts. People weren’t too happy to see them coming; every time they dropped by, someone got into trouble.
But the job of internal auditor has changed, says Neil Brown, a Toronto-based partner responsible for risk consulting and regulatory services. “Now there’s a growing realization and acceptance that all of management has a responsibility for controlling the business, and the role of internal audit is to help them do that.”
Internal audit is one of Brown’s specialties. “My clients come to me to help them strengthen their internal controls and business processes,” he says. Brown helped one broadcaster evaluate the risks of a new IT system. “The audit committee was concerned whether they were spending the money in the right areas. Was the project on track? Were they doing the right things? Would it compromise security?”
Then Brown looked at their business risks — such as the impact to the company if the project didn’t get done on time and within budget. What was management doing to mitigate those risks to an acceptable level?
Taking a big-picture look at risk
On any project, Brown and his team take a risk-based approach: “We ask: What are the business risks the organization is facing? What is the priority of each one? What is management doing to mitigate those risks to an acceptable level?
“Our job is to go in and say, here are all the things you think you’re doing to manage a risk in a particular part of your business — whether it’s environmental, HR, or financial. We assess whether all the things they think they’re doing are working, and whether people are doing all the things they are supposed to. Perhaps it could be done differently or more efficiently. Or perhaps it’s not being doing at all.”
One of Brown’s skills is developing relationships with executives and listening to their concerns so that he can identify the critical problems they’re facing and the points that trouble them most.
Plenty of issues worrying businesses today
Brown deals with a wide scope of issues and challenges. One of his clients supplies Wal-Mart and is struggling with the retail giant’s requirements for the volume of supply and the terms of delivery. Brown says there are plenty of suppliers who share that challenge. His standard advice to them: “Make sure you understand their specific needs and pre-determine your pricing and margin structures. It’s a volume business, so you need to be able to cope with the volume and deliver the volume they expect, with the level of support and service they expect.”
Still another company needed help on controlling the payroll. They were concerned that someone may have taken advantage of a payroll system that wasn’t watertight. Brown and his team were asked to review the documentation and determine if anything was awry.
Brown earned his bachelor of commerce from the University of Toronto and joined Arthur Andersen in 1985, first in the external audit practice, then on a two-year outsourcing assignment. He subsequently built Andersen’s outsourcing practice in Toronto and became partner in 1996. He joined Deloitte when the two firms merged in June 2002. He’s a frequent guest speaker on topics related to strategic outsourcing, internal audit best practices, business self-assessment and integrated business risk management.
As the Deloitte partner in charge of risk consulting and regulatory services in the GTA, Brown deals with clients’ senior management and audit committees on concerns like internal audit, compliance with the Sarbanes-Oxley Act to deter corporate wrongdoings, and environmental health and safety.
“When you’ve got a good relationship, you’re in a position of trust,” said Brown. “They know when they pick up the phone, we’re going to deliver.”