Pablo Pardo | If there is any type of organization in which, a priori, the task of internal auditor sounds like a challenge to a person’s psychological stability, it is a development bank. The Inter-American Development Bank Group (IDB) is no exception. It comprises 48 countries, has four official languages, and is the largest provider of development aid in the region. Its annual loan portfolio was around $15 billion (more than 12 billion euros) before the outbreak of Covid-19, which has boosted the institution’s activity due to the ravages of the pandemic in Latin America and the Caribbean. The Canadian-Brazilian Jorge da Silva has been the IDB’s Executive Auditor for eight years, where he heads a unit of 30 people dedicated to internal auditing.
When you read this interview, you may think “that’s all very well, but what works in a multilateral organization will never work in the Spanish Public Administration or in a private company”. Do you think that the IDB’s experience in internal auditing would be applicable to these organizations?
Yes. There is evidence that all organizations, regardless of their size or sector, tend to look for an internal audit system that adds value to their operations. What we have done at the IDB has been to demonstrate the value of having an internal audit that is involved in the organization in a different way, and the benefits that it brings to the Board of Directors and to those responsible for management. In many companies, audit is still very reactive; it is often the last unit to find out what is going on. If that is the case, how can the audit function be of any help to the institution? And the same can be said in reverse: if we internal auditors do not bring value to the management of the organization, why should they pay attention to us? Frequently, the frame of the debate is: “We are not going to invest in internal audit because they will tell us what is wrong with the organization”. This is based on a mistake: auditors should report what is happening, that’s all: not what is happening and should not be happening. Having a well-resourced and properly positioned internal audit unit is beneficial to the organization because it can provide valuable, unique and specific information that contributes to improving the decision-making process. That is the real added value of auditing.
Auditors have moved from dealing with accounting issues to analyzing data, reviewing best practices and even performing risk analysis. How does your department handle this permanent expansion of tasks, especially in an organization like yours, which is broadening its portfolio and range of activities?
Boards and management in organizations now have much higher expectations of the internal audit function, and for good reason, because the idea of “looking back and telling me what you see” which is followed by more traditional audit practices does not add value in the current organizational environment. In our case, we realized that the auditors had to change if they did not want to become irrelevant, so we chose the first option, and began to rethink our practices and make adjustments. The first step was to ensure that all audit staff understood and ‘bought in’ to the new vision. We then involved them in developing the new approach, and in creating new tools. We launched the new practices, always in communication with other parts of the organization, including the Board of Directors. Finally, we have been continuously improving what we had built, by exploring new technologies, improving our engagement with clients, and redesigning our products, including refining our data analytics capabilities and venturing into areas such as artificial intelligence. So, in essence, we have reinvented ourselves.
Give me an example of that transformation.
Over the past two years, every time we have presented the annual audit plan to the Bank’s Board of Directors, we have started the preparatory work by discussing risks at a global level. Since this is a multilateral organization, this perspective has an impact on the Board, and we have found the World Economic Forum’s risk analysis very useful in that process. The second step is a conversation about what potential risks other multilateral organizations similar to ours see, and the third step is the risk analysis of the large global consulting and auditing firms. We then combine these with information obtained within the IDB Group itself, and the result helps us decide on an audit strategy for the year that is the most useful to the Board and management.