In 2017, I worked for an international development organization that was headquartered in Bangladesh, with operations in nine countries. That year, our chief audit executive (CAE) assigned me to a country office audit in Afghanistan. With the recent news of the fall of Afghanistan's government following the withdrawal of U.S. troops, I reflect upon my unique adventure as an internal auditor during those days.
As my flight descended on Kabul, I could see scattered greenery and the disorderly placement of houses and buildings through the land and mountains. Upon arrival, my internal audit team were welcomed by fine weather and a nice climate. We observed people busy with day-to-day errands and children playing in the streets.
Our opening meeting with the country head gave us an overview of the strategic challenges, operational context, project, and human resources capacity of our Afghanistan office. The country head explained that our organization had been delivering projects in infrastructure development, education, and health-care services using a community-based approach across many provinces in Afghanistan. The team outlined our audit engagement objectives to the country head and began the fieldwork.
From the outset, it was apparent that security was a real concern for expatriates working in the country. We were restricted from moving freely outside our accommodation premises at any time of day or night. For example, we were expected to commute between our accommodations and the office using an office vehicle, even though the two locations were on the same block and separated by only 10 to 12 buildings.
The golden rule was not to visit sites after a certain hour of the day and not to move around without a local guide. Our colleagues told us a story about an expat engineer who had failed to heed those warnings and was abducted during a visit to a project site. After months in custody, the engineer was returned safely and was sent home to his family.
Restricted in making site visits, our team used data analytics to look at the financial transactions from the project spending by the country office. By analyzing the mobile allowances of employees at field offices, we spotted discrepancies such as a variation of limits from month to month and an employee who received multiple top-ups in the same month. Textual analysis of signatories also flagged indications of unauthorized transactions.
Auditors working in Afghanistan must comprehend that local norms, behaviors, and cultural views are different from other parts of the world. The procurement team shared their experience of interacting with local contractors to enhance the use of appropriate documentation. Those contractors tended to find documenting transactions in writing unnecessary, noting that verbal commitments are strong, faithful, and conclusive. However, with some convincing and training, the contractors learned to use a standard set of documentation related to tender, bids, etc.
Engaging third-party, local subcontractors is the usual method to perform work because of restrictions for expats in certain parts of the country. Subcontractors' work was documented using photographs as evidence of completion of schools, infrastructure, and roads. This method was particularly helpful for confirming work was completed because auditors could verify the actual photograph alongside a completion certificate attached to project documents.
Toward the end of our audit engagement, I facilitated a day-long training session for the internal auditors of the country office, which enabled wider interaction and learning that had a positive impact among the team.
Four years later, the current conditions in Afghanistan raise the need even higher for public and private organizations to sustain a secure workplace and ensure business continuity. In my opinion, internal auditors in Afghanistan should focus on:
- Advocating for business continuity planning for the organization. Internal auditors should develop the required skills or engage experts in the field to guide and advise the organization's leaders on the need to train employees at all levels to ensure business continuity.
- Ensuring the safety and security of the internal audit team and all employees. CAEs must give clear instructions on how to address security concerns. For example, auditors should limit site visits, use local guides, and receive updates about current news from the public relations function.
- Using data analytics and remote auditing techniques. It is time for internal auditors to learn to use modern analytics applications to achieve audit objectives, as business activities are vulnerable to internal control failures and fraud.
- Developing robust policies and procedures for the organization. Internal auditors must step up as trusted advisors and assist business leaders in establishing documented, comprehensive organizational procedures.
- Hiring and training local internal auditors. Having local internal auditors in the team will benefit the department to accomplish certain aspects of assurance or consulting engagements. The youth are talented and ready to take on challenging roles.
During my stay in Afghanistan, my 3-year-old daughter Yusairah used to call me and ask in her tender voice, "When will you return from Abbanistan?" My team returned home safe from "Abbanistan," and the memories shall live long and fresh in my heart. Specifically, the kabab and naan — meat and flatbread — will be difficult to forget. I remember the conversations with the local people who were so good-hearted. The climate was so blissful, and the entire city of Kabul looked enriched by the natural beauty of mountains and valleys.
For now, the people of Afghanistan have been displaced, are devasted, and face insecurity. We all should pray for and support the people of Afghanistan to sustain peace, security, and prosperity for future generations.
Kamal Uddin Gazi Jishan, CIA, CRMA, is internal audit manager at Ali Bin Ali in Doha, Qatar, and a 2018 Internal Auditor magazine Emerging Leader.
Want to be a part of Your Voices? Click here to learn how to contribute a blog post.