Episode 22 | Josam Watson – CRO of Tyme and ex-CAE

The Assurance Show
The Assurance Show
Episode 22 | Josam Watson - CRO of Tyme and ex-CAE
/

 

Summary

Josam Watson is the CRO of Tyme, a digital banking group that owns one of the world’s fastest growing digital banks.

He was previously Chief Audit Executive of a large credit union. Before that, he spent time in internal audit, risk consulting, external audit and in banking operations.

Josam talks to us about what he has learned working in various international markets.

He shares his views on a range of issues including:

  • internal audit independence (spoiler: he thinks it is overplayed)
  • how internal audit and risk functions have the same focus
  • exerting influence in a positive way over organisational culture
  • Internal audit creating value – by focusing on both performance and conformance
  • why every auditor should have a data mindset, to find and solve business problems.

Josam enjoys networking with risk and assurance professionals.
You can reach out to him on LinkedIn.

 

Transcript

 

Yusuf:

Today we’ve got Josam Watson. Josam, thanks for joining us. Josam is the Chief Risk Officer of Tyme Global. We met quite a few years ago when you were at a banking institution in Australia, and then subsequently Chief Audit Officer for a large credit union here. I’m not going to give too much of an introduction, I’ll let you do that for yourself.

Josam:

Thanks Yusuf and thanks Conor. I’m from Zimbabwe and I’m proudly Zimbabwean, even though my country is not going through one of the best moments in history. I also pride myself for being Australian, my adopted country. In terms of professional background, many people when they see me in risk or in my previous roles in internal audit, they think that I have been in audit or governance for a long time, or that’s all of my career. But I started my career in retail banking as a teller, then worked in back-office operation,s dealing with investments. My first professional qualification was a banking qualification. I completed an Institute of Bankers course. In my first year of working, directly from high school, banking was one of those areas which was viewed with prestige. And my family were very happy when they saw that my first job after leaving high school was in banking. All they could think was, I would just go in and grab some money without actually knowing how this works – the banks create money. My career from there spanned retail banking, consulting services , investment banking and now risk and governance . But I’ve been part of the team that was doing the business, as well as consulting and working for Deloitte and EY. I see a lot of opportunities to redefine risk management being one of the few professions where standardized training doesn’t exist. If you are a lawyer, you go through articles of clerkship and get mentored by a lawyer. And then qualify through the bar. If you’re a doctor, you do your degree, then housemanship and become a qualified doctor. If you’re a pilot, you go through the same thing. But here we are a profession that is supposed to be helping organizations to protect value and create value. But you find sporadic processes. Most risk professionals are there by accident. Some because they were legal practitioners and, somebody decided that law is very close to compliance, so therefore our risk professional has to be a lawyer. And then you have got some accountants, and then what accident? Because they told me juggling around control. So make them chip, please copy says So there’s a lot do to you have people come through this profession through formal structured programs so that they can be better practitioners. I’m not advocating a program similar to being a doctor, but there’s an opportunity to uplift, yeah, the standard in the quality of risk professionals coming in.

Yusuf:

Okay. diversifying away from lawyers and accountants, just because they happen to know the language.

Josam:

risk management, an art, by and large, but also it requires a lot of science. the importance in the organization and the cost pressures, it will put in an organization if it’s not run very well, we’ll be far reaching. have been, privileged enough to work, in Africa, spent, sometime in the UK, in Europe? Australia. And, knowing Asia, in a regional role that looks after many countries, in all of these exposures, the variability that you see in risk management is something else and, am fortunate that I work in a financial technology company, FinTech , there’s no requirements floss because we are not a regulated entity and we are not operating here in Hong Kong, as a banking institution. but, my CEO recognizes the value of risk. And when you tip me for, this role,, we had a very candid discussion on why he wanted a risk professional, in our regular catch ups, you to talk about, He wants his chief risk officer to be a thinker, someone who has got the space to think and reflect not being too involved, but not being detached so that you’ll be able to advise. he’ll buck. So in the business. I see my CEO as a visionary who sees the value of risk in a way that, haven’t seen before. with that level of responsibility, it takes quite a lot to be very measured. And, do things that aid in creating value for the organization and protecting organization when you need to.

Yusuf:

You spoke about, getting into banking and then slowly moving into consulting and accounting firms and then getting back into banking, now of course you are chief risk officer of global FinTech. before this, you were within internal audit teams. What is it that got you into auditing in the first place?

Josam:

I didn’t have the privilege of going to university and going through university life growing up a little bit. It meant that I was, one of the youngest, people. our division. I was ridiculed for being the youngest. So I used to be a source of amusement. For my more senior colleagues. I, our, both, this was in a very exclusive Simba in Harare, very, very, very exclusive. And we’re living in the township high density areas. the only way we will be able to get to those areas where there was no public transport is staff bus. We used to wake up early in the morning so that we catch it. and then after very hard days where, you’re so exhausted. You’re not use to the rake off waking and you’re in a push away, everyone. They isn’t 15, 20, 30 years experience. And you are there. as a freshmen and, going back home, vividly remember one time when. I fell asleep on the bus and I only woke up, out of hearing a lot of love and saying Hey, why do we employ young kids? We are exhausting them. We should be letting them stay at home. So anyway, just the sense of, it’s just talks about how young I was and, how I felt that, I wasn’t in my environment and I didn’t have, connections, my age. But I continued to do my work, I realized that had more to learn more to offer. in my early days I would do overtime almost every day so that I would catch up. On the way, but after I get the hell of it, in the first 15 days of the month, I’ll be done with my wife I realized that I had capacity do more. I finished my banker’s diploma so much time at my disposal. And that’s when I thought I would take the opportunity to go to university. decided on bachelor of accounting science. it sounded sexy. And a friend of mine, Tell me as well to the institution and they were doing auditing. He indicated that that was the best course for me to do. And I wanted to carry a briefcase like. It was carrying and it was a source of pride. You’d say, what is in that briefcase? The only thing, I didn’t know that the briefcase said, it’s your sandwiches

Yusuf:

Yeah.

Josam:

And nothing else.

Yusuf:

Two pens and a wrapped sandwich. Yeah. Maybe an Apple.

Josam:

An Apple is for the healthy ones. I spoke to this friend of mine and then, encouraged me that, they become was obviously a very good way to go. So then started studying accounting via, distance education with the university of South Africa. And that cost, is as pure as it gets for young accountants. early on, I got this audit. lending it’s those first few units, that you do. And, it was quite exciting. but say the local time, I accelerated learning after completing my first year I could see that I was learning something, but I was unable to apply it on a day to day basis. So an opportunity to be found where I can do this study and implemented I then joined,, in accounting firms called Bubba robe and O’Connor, we just part of, at the Anderson. , you know about the Anderson, scandal so our fam was bought by EOI, so I didn’t continue to do agriculture during that time, Infineon. had a number of streams , for young accountants. the external audit stream. the internal audit stream and accounting stream. depending on which areas you were recruited in, would determine which stream we would go in. was in the, external audit one, but because of my prior banking experience partners were running, internal audit and risk consulting starting, to bring me into, the internal audit stream. for the duration of my training. I ended up spending almost 50% in Nixon audit. And 50% in internal audit in risk consulting. I found myself great mutating towards internal audit, as I could see that there was more influence

Yusuf:

And more than one risk.

Josam:

Yeah. More than one risk. So this area around, risk consulting, and internal audit was quite an eyeopener for me because I had a few carrier defining experiences or mindset defining. , I wasn’t involved, a review, for a bank that was going through a curatorship, so that the, it failed effectively and it was being managed by the Prudential regulator so that you’ll protect deposit money. So firsthand experience of seeing a bank going down and was involved in reviewing the risk systems, control systems when I lived in Hawaii, I worked in one of the fastest growing banks, in the country. it was started by two visionaries working for a bigger bank. it was the, fastest quote I have ever seen. very good in terms of brand. very good in terms of customer service. Their strategy spot on and their leadership was incredible. But one thing that didn’t catch up with all the growth. Was the governance and risk management capabilities. as an auditor in that institution, seeing things that led to the fall of that bank stayed with me in every subsequent role

Yusuf:

it makes you take your job very seriously, because you’ve seen the consequences of not having it in place.

Josam:

It’s not really validated with some of these studies that have been done in a corporate space. It is basic print, in organizations failing or where you’ve got these big scandals and the trend is number one, something would be known. So the real cause would be known number two, it would have been escalated one or the other. and then number three, it would have been discussed. But no sufficient action to address the root cause. all these condos you’ve seen, in Australia, you are looking at, the FX scandal you look at AML those external, independent, the reports done, post the event. in each one of those things will be known. , and escalated and discussed, but not sufficient action has been done to address the root cause. seeing it firsthand happening, in an organization, I was, in audit lead, often met at was picked up. And then, one year down the line caused the collapse was something else. I talked to young and upcoming risk provisionals. auditors’ things that you see are not small things, you’ll see quite a lot of things. And the meta is how you actually go about craft the message so that. people are several priorities would prioritize what you’re saying is a problem

Yusuf:

that’s an important point, right? there’s obviously lots of different priorities, as you say, lots of different risks and issues that are brought up or opportunities that identified, how do you, or how have you through your auditing career, and now subsequently your as Korea, but primarily through your audit in Korea, how do you. Differentiate between what is, and isn’t important to raise.

Josam:

a very difficult question. if I had a good answer. I would, the original It is the single, Biggest question for, and internal audit professionals. if you step back a little bit, how many reviews, typical internal audit function in a smaller bank or in a bigger bank, or many they do. If you’re talking about a bigger bank, they’ll run in the hundreds, for smaller banks, it can be, 20 as an example, or it can be 10. And how many controls across those reviews? Do your touch. You touch hundreds and thousands of controls. How many do you see you having issues? Quite a lot. yeah. touching about a number of permutations where you bring the best of what internal audit can do this way. You have a very, a good understanding of the key business value drivers, and linked to what you’re doing to this strategy would help you collaborate but there’s no silver bullet and there’s no formula to this. experience. judgment and, being an internal auditor was a challenge to the business and who thinks like a business leader, the Western you can do as an internal auditor is to think that, you know, everything India going to tell people, what to do. if you are in tune with what the business is doing, will be easier for you to get two way communication with senior leaders in a way that is more collaborative rather than. A more, I got to aspect. realized that some of the best audit findings I’ve raised, I’m calling them best because, The interaction between me as an artist and the business leader was responsible, for the area that I was looking at was positive. And, looking at this as our joint problem. where both of you are looking at an issue, right? No problem. as a problem that you both own internal audit and the business, you are more measured in how you, dress, the importance of it.

Yusuf:

at the right level of the organization because typically more junior people would then focus on the execution then on ownership of those issues.

Josam:

Yes. but I’ve put something to the contrary as well. one of the examples I have was that was dealing with a junior person. And, it was, quite insightful where you actually take time, listen to what they’re saying the way through to get a more complete picture. the temptation is to rush and, be more focused on, I’m going to deliver this audience. we live to issue an audit and audit committee is coming. We need to convict this. that’s one disservice you can do as an internal auditor if there is a pertinent issue, And it’s feeling and sounding like a pertinent issue. Sometimes it with it taking more time to understand and go through the value chain and see the interrelationships learn more. And you’ll actually find that sometimes what you are considering a problem is not actually a problem, but the real problem is hidden and you find it by accident.

Conor:

Josam, you mentioned there that, some of the best outcomes you’ve been involved in both as a risk and internal audit professional journey or career has been, where your teams have been able to influence decisions in the business and that’s because you took a more collaborative approach, should internal audit teams. And, risk teams be carving out more time every year as part of their work so that they do have that better understanding of the business

Josam:

Yup. agree. the challenge that, most internal audit functions have is, high turnover. and the tenure of internal auditors would be less than three years. that is not sufficient time. for an internal audit to learn about the organizations. Processes culture strategy, the value drivers it’s not enough. as internal audit professionals or risk professionals we play the independence. Cod and we say we are independent, so we don’t want to seem to be involved more. a disservice and, unfortunately our representative bodies. If I’ve been preaching a lot , about independence and using it, as one of the cornerstones a very good internal audit function doesn’t even use the word independence and they do not, Actively promote that know that it’s inherent in the way you conduct yourself. But do not consciously say if I do this, I’m going to be seen as less independent because at the end of the day, what you’re there for is to protect. value and create value in the organization and your objectives are not different to the frontline managers. If you see that there’s a difference in objective, be clean. Your frontline managers or your business managers and internal audit, then there’s something that is fundamentally wrong with either the internal audit function or the fund management. And that would be, that would be the case. remember, my time CA. and, the CEO there, I think he’s one of them, the, leaders. used to have chats about, the independent story of internal audit she Fight a lot to push the envelope you would do things like, asking internal audit to be part of, a cultural transformation program. I remember, speaking to CEO of a very big retail, company in Australia. I introduced myself and you said why does internal audit get involved in a cultural transformation program? Before I answered that. He then said, I like your CEO. he thinks differently and you can see, the value internal audit would be able to bring in an organization that is undergoing Tripp transformation. That. The coach off in general, what it is to be aligned with a cultural organization. talking about the indebtedness of internal audit in what you do on a day to day basis. I see value in that. the reason I reached up to that organization is they did a fantastic cultural transformation program, it shows in how the organization performing today. if typical internal data hearing you talk about culture in a way that I’m actually smiling right now, we think that there’s something wrong, but I see the, the value of internal audit being embedded and being closer to the business and being part of the culture

Yusuf:

which is very different from saying let’s take a CPS220 checklist and tick a few items off.

Josam:

I would say, such things, CPS220y checklists, Sarbanes, Oxley checklist, whatever checklists, are the greatest waste of, organizational resources, just to sit down and plan and say, I’m going to do a checklist or the standard or to meet the standard is not the right way to go. And, I know regulators, would kill me for saying this, they promote this, but they do a lot of decisions because there’s more, you’ll get. In internal audit functions, being involved in the softer things of the organization in influencing things, if you influence culture, you’re likely going to get far better, controlled organization than if you just ask them to do specific things that, are required in a checklist.

Yusuf:

I was going to ask you what made you leave the audit function, but obviously really good role working as a chief risk officer for FinTech. What I am going to ask you instead is what do you miss most about being in an audit team or working as an audit professional?

Josam:

my time as an auditor and in my time today as a risk professional, I see it is pretty much doing the same thing. If you’re doing it right. if you see a very big transition between what you do as an auditor and what you do as a risk professional, again, there’s something wrong. I would question that. Why is it so different when your mandate, is pretty much the same, what I really miss? I don’t know, but I still remember. the self imposed pressure, as internal auditors. this is one of those things that I don’t know where that will go. It, I miss that, but a lot of things that I find quite frigging, why we were giving ourselves, so much pressure. and, not giving ourselves time reflect and think more. at some point we became a bit too transactional and, too focused on statistics. if I completed these reviews, what percentage have I done? and trying to quantify almost everything, That’s one of the things, the other thing as well is what I call a forced audience. by the nature of being an internal auditor. And regulatory role that you occupy, you’re forced to meet, certain individuals. And, in some cases the meetings, we just have been because you’re there and, you expected to give those meetings, like, attending audit committees missed the engagement. like that One thing that I do miss is you get a lot of young people. in internal audit, nurturing young talent, green, enthusiastic, with a lot of energy. , that’s one of, the things that internal audit is gifted with and, if that could be harnessed more, that would be exciting. Audi does it got so much power, power and risk professionals the keys. how do you choose to use the power? I don’t know the aspect that I miss a lot is the networking, aspect of internal audit, internal audit as unlucky. That, AIAA presents them with networks and, was risk management has got a lot of networks. There’s a bit of a difference between, risk management metrics and internal audit. internal audit people tend to be more open. And share ideas, and be more specific I see in the risk space is more fluff and more trying to look good, and actually, uplifting, they’re proficient.

Yusuf:

talking about networks and working with others, you were still in an internal audit, Functioned right now. what would you have done and what would you say your peers would be doing, about impact of the pandemic the fact that, your internal audit plan would probably need to change quite significantly.

Josam:

the internal audit function would need to be more reflective. during this time. Yeah. the juice,, the rush to action at this point in time, in the middle of the pandemic. Everyone is trying to swim and, stay alive. being presented with that opportunity, or challenge would require a lot of thinking reflection and using time wisely. we talk about role of the board in terms of, conformance and in terms of, Performance. every internal audit function should look at those two dimensions and, assess the environment and say, What can we do in terms of conformance and what can we do in terms of performance and then overlay with the reality or what COVID is doing, to your organization’s performance and strategy.

Yusuf:

So obviously a lot of conformance work has been the backbone of internal plans, internal strategies and performance is something that we need to focus on a lot more. we should be focusing on a lot more and we need to focus on a lot more going forward. what do you see as role of the use of data in helping advance that

Josam:

if you look at this skill set of internal auditors, the majority, would have a . Background, similar to mine. so you get this homogeneous group of people, expecting them to do things differently. And she expects them to know the business, expect them to understand the business. you expect them to be very good communicators and influencers, and you expect them to. do everything. they’re troubleshooting. that’s a challenge. And, we will be asking, too much of our people that you select a sit in group of people with a certain kind of mindset and you want them to do everything. I would advocate four more diversity, in an internal audit function or risk function that you started to get skills, that are reflective of what the organization does. in one of those, things would be to, do things smarter, in a way that reduces operational costs

Yusuf:

I’ve got a particular bugbear at the moment. There’s risk associated with bringing financial auditors in and only financial audit is in to do internal audit work because it’s very difficult. to move from thinking about one risk to thinking about. 50, but that decide, it’s important to bring diverse, skill sets, diverse experiences into the team to get different perspectives. one of the things that we’ve been thinking about though is what are the base skills that internal auditors should have? And even if you do have specialists data analysts or data scientists which is important, particularly for, the more complex, more difficult, data work that needs to take place. One of the things that we’ve been advocating , for a while, is that. Really everybody within the audit team should be able to use data themselves. it’s part of the core skillset and using data doesn’t mean that you need to be able to write thousand lines of code and, use heavy, complex technology. you can use data within Excel spreadsheets. You can use data within visualization tools. You can. Profile data and do all sorts of things with data. when you think about the full gamut of what it is that we should be doing with data, and the fact that largely in most industries, we’ve moved from paper based to electronic recording of transactions, et cetera. every audit there really should have some level of capability in using data themselves.

Josam:

Definitely. a hundred percent agreed the analogy for that you remember when,, you didn’t have,, laptops or computers in the office and, if you hit to have, letter or a document written. you write it and then you’ll give it to the secretary who then tap it for you. And then you go and review and then you send the changes to the secretary and then they will they’ll write it. and then it goes out

Yusuf:

interestingly, there’s still some organizations that do that,

Josam:

okay. I don’t know where they are, but anyway.

Yusuf:

You will be amazed.

Conor:

some people still dictate their letters to their secretary. Still have them typed up.

Josam:

There’s a lot of quests that today. so if you look at that time you look at today, you have to do everything things that way. Historically, a resemble for secretaries to do. everyone has to do it. You have to, work on your computer type up documents, that’s a basic skill that it to be, lent by a lot of people. , and people went through that transition. Found it very difficult, especially, those actually started in a very paper based in Paris. there are some suffering the challenges of that transition that they cannot function unless something is printed out in hard copy. that’s the transition, which I would equate to the knee for having skills around, data for internal Adidas, the skills, I’m not just a technical, it can be just in the mindset. that’s where starting point is. the best line that everybody that should be able to think about the use of data in solving business problems. reason I give value do that. Yeah, that is we are in that age, where data is available, businesses that have data are valued more. Then businesses that not all data because you’ve got such an asset, critical thing is how do you actually use that asset? And if you’re an internal or data, and, in this day and age, you actually do not have inclination to think about the use of data. I don’t know what you’ll be doing.

Yusuf:

what you’re saying is that at the minimum, you need to be able to, think about, where the potential data sources might be and what it is that you could be using it for to be able to execute an audit. And that’s the, minimum baseline requirement.

Josam:

Yes. And I not say that. You absolutely need to understand the organizational structure from processes, systems, structures, people, and know that you actually need to have a very good view. I were to go back into internal audit a smaller organization where I would need to do a quick change. I would, spend a lot of time with my team to build the understanding of the organization as a whole one of the critical elements would come into data understanding what is it? weighs it you shouldn’t be thinking about that when you start an audit. So it shouldn’t be an organization or an internal audit function that actually continuously think about that. I want to explore data be comfortable in it. So that by the time you actually wants, to solve a business problem, you are not going through a voyage of discovery. to find things that can, and it’s so frustrating. And by the way, I talked about self imposed pressure self-imposed deadlines. Internal auditors put themselves in a trap by saying, I got to start this piece of work. I’ll start by this day. I’ll finish by this day and they’ll be measured by that and then start to create a lot of metrics around that. If you spend just little time, instead of focusing, on the process of auditing and what you send out to your stakeholders. and just about, the problems that you face as an organization and how you can use data to answer some of those questions it would be a, much better outcome than the process itself.

Yusuf:

What you mentioned there reminds me of like the very first audit that I did was with a. Paper manufacturing company 15 years ago now, but essentially the first thing that we did when we did that audit, and this was a financial audit, mind you not even an internal audit. The first thing that we did was we went out to the mall and looked at all of the raw materials and where they were being sourced from and where they were going to and how they would be put through various machines to create the paper that was coming out on the other end. And there’s a similar, not exactly the same, because that was a very specific business process. But particularly today where most of financial services in particular, but most other organizations as well are largely transactions, et cetera, are data heavy. And so you have data coming in and you have data processing through various applications and ending up somewhere. If you don’t understand how the data comes in and you don’t understand where it’s going through and where it’s going to end up. If you don’t have a picture of that, it’s very hard to actually audit it similar to how, if we didn’t understand what the mill looked like, where the paper came in, Wade went through how it was secured, how the different dyes were applied to it and how it would actually create an end point. We wouldn’t actually be able to do any audit work there.

Josam:

Yes, definitely. anyone who was involved in reviewing a process needs to see how things work a feel of that. first and it has to be contextualized so that by the time you actually sent for use your tools to answer those, questions, you have perspective and context.

Yusuf:

you spoke about understanding how things work. And I know within. Financial services and several other industries, there’s been, a move away from, thinking about things like, branch visits, ? So branch visits became lower this item, if you want to call it that particularly when we think about conformance, but just as an example, if a lot of our customers are visiting, the branch or customers are calling into a call center, And we don’t look at those areas then are we focusing on conformance risks or are we really understanding how our customers interact with us and what that could mean for reputation for the way in which we perceive for how we provide customer service? is that coming back? Are we looking more closely at frontline channels and how our customers interact with us? Or should we be doing more of that as auditors?

Josam:

Yeah, there’s nothing wrong with branch audit. I know that, in, in my last role is as a CAE, that’s one of the things that I said at Bridget, not having to do. and the reason is, it, it was contextual when we went in the organization and the way, for, I. it required me to make that attempt. as I reflect think about these things, even today in my role, should be a very, very close alignment between what you do as an internal auditor. To what the organization stands for. if, the strategy in your organization is to physical presence, some use techno channels, channels, if the strategy is that they focused on that, then you need to be attuned to that. And understand the sources of risks, from conformance perspective to performance perspective, it has to be properly balanced. the thing that I would advise, in general auditor looking at today is check your engine audit plan today. And check the CEO’s KPIs today. Try to marry them. If you can not marry the CEO’s KPIs and your plan, then you should be asking yourself why is there disconnect between those two? Because the CEO’s KPIs are linked to the strategy of the organization. The board wouldn’t put his KPIs or her KPIs if they do not believe that those KPIs would drive the strategic outcome . if you are working in tandem or in line with what the board wants, then surely it should be closely aligned with that, and you should be able to. So whether you are going to be sitting in branches, in call centers or understanding the digital interface between your organization and its customers all that should be a subject of where you are as an organization in terms of your strategic journey.

Conor:

So Josam, can I flip that sentiment on its head a little bit and get your views every organization has a strategy refresh every three years or five years or business objectives are planned for annually. Do you see any role for the insights generated by internal audit to contribute more in that refresh process? Yes, definitely.

Josam:

The biggest gift, an internal audit function. should provide, would be input to a strategy. and, it takes various forms depending on the organization’s maturity and where the internal audit is it. it will exit you did, internal audit. Plan or strategy would actually inform the strategy on a day to day basis. it should help tweak if the strategy is already there and it should help validate the strategy. And it should be able to give breaks breaks are quiet. at, Seaway, the reason I caught that is I was the CA so I had a lot of influence in terms of what internal audit would be able to do, as opposed to, my other roles were. I looked at one portfolio or just part of their portfolio. in, my final year, in that organization, as the function helped, the executive and the board, to think about how they actually align their ambitions. And longterm visions to the reality on the ground by actually spelling out things that needed to be there and in place before they can move very fast in technology has a unique role, in spelling out where the organization. Is it getting free consultants? Services to the organization in painting a picture of how they are traveling, towards, achieving their strategy. And the more that picture is aligned. With where the organization would be, the more they’re listened to. the more you’re align your messaging to the messaging or to the tone that you see from your board. And from executive management, you will be able to influence a lot if you are, an internal audit function and, what you do, doesn’t find in. It’s in any way in any conversations that happen in terms of the strategy, then it shows the level that you’re operating. It somebody say there’s no good or bad strategy. The key is execution. and the board will be in a position to say, we know that you have good, or these dreams just like every other organization. But yeah, the things that we are seeing from internal audit reports, that are telling us that you’ve got some execution. problems spelled out in a, B, C, and D. that conversation is a very good conversation that internal audit then influence.

Yusuf:

Excellent. Just some we’ve run out of time We’d love to spend a whole lot more time talking to you and I’m sure we’ll get you back on the show. at some point in the future to talk about specific items, know that you are pretty keen on, interacting with helping and networking with, other folk the risk and audit, sphere. How can people get hold of you? What’s the best way if somebody wanted to tap you and say, Hey, Josam, can you help me with this? So can you give me advice on this? What’s the best way for them get hold of you?

Josam:

LinkedIn works very well for me. I have had very good interactions and friendships from LinkedIn in terms of people reaching out and me reaching out to some individuals anytime just write me a message on LinkedIn, I’ll respond pretty quickly.

Yusuf:

Excellent. we’ll put a link to your LinkedIn profile in the show notes.

Josam:

That’d be great.

All: Thanks.