Internal audits are a complex process. They’re filled with hordes of complicated, detailed procedures and take a certain kind of person to ensure compliance. Fortunately, for Montréal-based telecommunications company Cogeco, Elizabeth Alves loves the field. On a consistent basis, she taps into her passion to add value by helping the company improve the effectiveness of its risk-management, control, and governance processes. Since arriving in 2008, Alves has built the internal-audit function from a team of one (herself) to a team of 17, proving not only her worth but that of internal auditing in the process. Here, she takes us through the process of building an internal-audit function from scratch and how that vision has helped the company in supporting its future.
I don’t think I had a clear approach in my mind as to how I was going to implement the audit function at Cogeco, but I knew the key factors to make it work. I had to gain credibility from the senior management team quickly in terms of my professional skills. I also had to adapt to the culture of the organization and proactively sell the value of internal audit—not a skill that we internal auditors are very good at. I was not concerned with the professional skills aspect, but the Cogeco environment was very different from the one I was used to at my previous employer.
ING Canada is a company with very mature risk, control, and governance processes whereas Cogeco is more entrepreneurial. I was dealing with a different maturity level in terms of overall processes, and I had to be cognizant of that and use a different mind-set. If I had tried to apply the same framework as that of ING, I would have failed in a big way.
I’m someone who adapts to change easily, and I can recognize when change is required. The challenge was to define and implement a framework that would seamlessly fit in with the Cogeco culture. Understanding stakeholders’ needs was a key step. I took the time to introduce myself to the management team and get their input and impressions. What was funny was that the expectations were not very high because they really didn’t know what an internal-audit function did and how it could add value to the organization.
How Are You Growing?
Overall revenues in 2013 were $1.8 billion. They’re projected to reach at least $2 billion in 2014.
In only 6 years at Cogeco, Alves transformed the internal-audit function from a 1-person operation to a staff of 17
I figured that I had to provide tangible proof of the value of my services and decided to perform a couple of audit reviews right from the start. Immediately after those reviews, I found areas of improvement that had to be addressed and which could significantly improve operations, and the feedback obtained was extremely positive. I also implemented the basics like an internal-audit charter, a risk-assessment process, and a methodology. Then I got more and more requests to do other specific audits. That’s when I started asking for additional resources to meet those needs, and it grew from there.
If we look at Cogeco itself, compared to other companies in the same industry, we’re not the largest player, and we’re not the smallest. So it’s perfect for an internal auditor. One of the things that I appreciate here is that after six years, my department is truly recognized as a valued business partner. Not only did I grow in staff but in my responsibilities as well. I started just with the basic internal-audit activities and then added the antifraud program, the risk-management aspect, financial compliance, and so forth. Now we’re considered an important pillar of the overall governance structure, and we truly benefit from the full support of the organization.
In my approach, overall, I try to be very proactive and bring ideas to management as to how Cogeco can better manage its risks. That’s part of my whole value-added approach: bringing something more to the table than just the traditional audit approach. I was in the process of doing my certified fraud-examiner designation at one point, and I felt that implementing an antifraud program was one way for Cogeco to be more proactive in terms of risk management. I talked to senior management about it and got the go-ahead to implement. Being granted responsibility for coordinating overall risk-management activities in March of [last] year was very rewarding for me—and further proof that management has faith in my team’s ability to support them at this level. Our role is to help Cogeco develop a process for identifying, assessing, and prioritizing risks, and then support the development, implementation, and monitoring of plans to minimize or eliminate the risks identified.
Corporate social responsibility is a newly granted responsibility for my team as well. I was excited about this new area because I don’t have any specific background or experience at this level. It’s an opportunity to develop a new skill set, which is something throughout my career I’ve tried to be on the lookout for. At the end of the day, it’s about rising to new challenges and continuing to maximize the value, impact, and influence of my team’s services.