Address at 2024 Annual Meeting of the Chief Audit Executives from the MFIs by Anil Kishora, Vice-President and CRO, NDB
- May 21, 2024
- Infrastructure
- 0 Comments
Reforms and Internal Audit: Broadening the Role of Audit for ‘Better, Bolder and Bigger’ MDBs
Esteemed delegates, distinguished guests, and dear colleagues, a very good afternoon to all of you. I am delighted to have this opportunity to address you today. This annual meeting of the CAEs is being held at a crucial juncture when MDBs have embarked on a new journey. Let me start with a recap of some recent developments and then try to reflect on what these could mean for the internal audit function.
Over the previous few years, G20 has been engaging intensively on the issue of ramping up MDBs’ lending capacity. Capital adequacy ratios and related credit rating considerations limit the amount lending institutions can borrow from the global markets. In 2021, the Italian G20 presidency therefore launched an “Independent Review of MDBs’ Capital Adequacy Frameworks”. It constituted an external panel to look into the issues and make recommendations.
The panel’s report (on ‘boosting MDBS’ investing capacity’) was released in July 2022 under the Indonesian G20 presidency. Substantial work across MDBs is underway to execute on the panel’s 17 recommendations and sweat the capital MDBs have. There is a consensus that such efforts will lead to additional lending headroom- the World Bank has already announced $ 50 bn in additional lending over next 10 years and others too will contribute to the headroom. Estimates vary but MDBs think an additional $ 300-$ 400 bn should be feasible over the next 10 years.
Every extra dollar is welcome, but such additional resources may not be enough. MDBs are also following through on the panel’s recommendation to engage with rating agencies, and I am hopeful that the ongoing work under G20 umbrella will lead to evolution of newer approaches and increase in MDBs’ capacity to lend. In my view, some fundamental reforms in the way rating agencies look at MDBs’ capital adequacy, concentration and credit risk may be needed down the line.
G20 leaders are well aware of the necessity to ramp up funding to address global challenges.
In 2023, the G20 under the India Presidency commissioned an Independent Experts Group (IEG) to submit a report on ‘strengthening MDBs to address the shared global challenges of the 21st century’.
G20 recognises the central role of MDBs in mobilising resources for confronting multiple and escalating developmental, climate and other global challenges. Leave aside 1.5 Celsius climate scenario; even 2 degree seems out of reach. The world is off-track on achieving the SDGs. Additional spending of some $3 trillion per year is needed by 2030, of which $1.8 trillion represents additional investments in climate action, mostly in sustainable infrastructure, and $1.2 trillion in additional spending to attain other SDGs.
The IEG, co-chaired by N. K Singh from India and Lawrence Summers from the US, has delivered crucial insights into the scale of the challenges and a high level roadmap of the way forward. IEG’s catchy vision of “better, bolder and bigger” MDBs has gained traction and led to our shareholders calling for MDBs to be ‘better, bigger and more effective’. G20, under its current presidency of Brazil, is pushing for execution. This subject is going to stay front and centre in years to come.
The G20 IEG reports have provided a broad outline as well as specific recommendations to scale up the game. The tasks ahead are enormous. To succeed, our efforts need to be channelled and managed the most appropriate and cost-effective way.
Actions are essential on all fronts, but being ‘better’ is an absolute necessity if we are to be ‘bolder’ and ‘bigger’. In my view, the Internal Audit function, therefore, acquires a key strategic role. This is an area where ‘advice, insights and ‘foresights’ from internal audit will indeed be invaluable.
The G20 call is very timely. In the context of the reports produced by the independent panel and the expert group, we usually hear about “MDB reforms”.
For me, it is not about reforms but all about a long overdue substantive product upgrade. We live in a world where upgrades and new versions are a recurrent BAU phenomenon. Institutions shouldn’t be different.
As we know, the very first MDB, the IBRD started its operations, in 1946. ADB followed in 1966. All major global and regional MDBs were of the 1950s and 1960s vintage, until the 2010s when new entrants like AIIB and NDB joined the community. New entrants too have been significantly influenced by the vintage MDBs. Similar business, operating and management models, with policies, processes and approaches echoing one another’s are a unique feature of MDBs.
Banking and finance have seen tectonic shifts over the last 3 or 4 decades. Basel and other bodies have driven huge regulatory and governance reforms. Accounting, reporting and regulatory standards have changed by an order of magnitude. Best practices, frameworks and approaches in the areas of corporate governance, organisational structure, delivery models, investor relations, stakeholder management, HR policies, data management, IT, cyber security and other functions have changed significantly since the 1950s and 60s.
Despite massive industry changes, MDBs’ vintage models have sustained over the last nearly 8 decades. I think there are 3 principal reasons why the MDBs could resist disruption. A, MDBs are owned by sovereigns. B, these are self-regulated and not subject to rigorous market discipline. And C, MDBs’ balance sheet strength, unique skillsets, policy relevance and credentials of being trustworthy. Global MDBs are mostly rated AAA, even though only a handful – just 9 countries, accounting for 10% of the global GDP, retain their AAA status.
To be fair, MDBs have changed too. Over the decades, MDBs have been revisiting and refreshing some component or the other of the vintage model, yet that has not been enough to fulfil stakeholders’ expectations. We have not-so-positive country experience surveys to reckon. Issues around bureaucracy, flexibility, responsiveness, and ‘we know it better’ kind of mind-sets are part of the usual feedback. The good part is that in the wake of the CAF panel and IEG’s recommendations, MDBs are willing to change at scale and at speed.
A recent comment by Mr Banga showcases the challenge as well as the resolve to fix it. He observed that currently the approval process in the World Bank takes about 19 months, and he had decided to have a target of bringing it down to 12 months, because it is clearly better than 19!
More or less similar operating contexts prevail across all MDBs. There has been immense amount of peer benchmarking, cross-pollination and learning from one-another within the MDB space. This has had several positives. However, over-reliance on such within-the-community exploration runs a risk.
It makes us operate in a situation of information asymmetry, potentially leading us to pick up dated practices from within the MDB world or the legacy UN systems, without realising that there is a world outside too, which has discarded the very same elements for good reasons.
I am reminded of a seminal paper titled “The Market for Lemons” by the famous American economist, Nobel laureate George Akerlof. The paper brings out how information asymmetry can make buyers go for ‘lemons’ instead of ‘peaches’. Lemons are pre-owned cars which are found to be defective after purchase.
In the market for ideas, frameworks, and practices too, I believe the same principle applies. It is critical to broaden our search and reduce information asymmetry. Otherwise, the more we attempt to change, the more likely we are to remain the same.
In my view, the G20 –led new vision for MDBs requires us to learn from the outside world, willingly embrace changes and be ready for more shareholders’ oversight. It is heartening that the World Bank has set up a Private Sector Lab. It is a major path-breaking step forward. I hope such approaches for learning from the private sector percolate to all of us.
Now let me go back to the G20 vision. We need to be bigger. It calls for scaling up. We need to be bolder which by definition implies taking on more risk. We need to be “more effective” which requires fit-for-purpose policies, efficient internal processes and state-of-the -art external UI practices.
Driving on autobahns calls for sophisticated vehicles with smart dashboards. We also need strong braking and control systems. In my assessment, Internal Audit, is best positioned to provide those guardrails.
The bigger the scale, the more robust internal processes, organisational structures and oversight functions need to be. As MDBs scale in size and risk appetite, Line 2 and 3 functions will have difficult choices to make. Should we boil the ocean to surface all the gaps and non-compliances? Or, should we opt for 80/20 kind of approaches to generate the best ROI on time and money spent in conducting audit?
This makes me remember one of the longest-serving Comptroller-Generals of the United States, Elmer B. Staats, who advised his colleagues half a century ago to chase elephants or bears and not rabbits. Chasing rabbits can have disastrous outcomes. In 2007, a new CEO at BP made an institutional commitment to safety and mandated lids on coffee mugs while walking, and no texting while driving. This safety focus did not prevent BP’s Deepwater Horizon rig from exploding in the Gulf of Mexico.
Internal Audit will have to craft its way well to play its role in times to come. Allow me to quote from a message our DG Lourival recently sent us at NDB. It mentions how internal auditors work diligently, usually unnoticed, to ensure effectiveness of the Risk management, Internal Control, and Governance processes. Line 3’s job is to flag out the gaps. Now is the time to use these data points to provide advice, insights and foresight to strengthen risk, control and governance.
Let me now place before you a few questions, which hopefully might trigger some reflections and thoughts.
The first question flows from Peter Drucker’s dictum that you cannot manage what you cannot measure. Are the parameters for measuring operational and financial efficiency within the MDB community robust enough? Can we pick up some ideas from the non-MDB players to serve the idea of being better? My belief is that IA can help develop the right bouquet of metrics.
Second question relates to processes and controls. As institutions age, they generally tend to accumulate processes, controls and layers of bureaucracy. Is there a need to revisit these? Do we need some process reengineering?
Line 1 usually hates controls. Line 2 loves them. You the Line 3 need to judge and guide. You have to gate keep what is jettisoned and what is brought in. Remember internal audit can play a significant role in driving changes, while remaining mindful of ramifications.
The third question draws upon a general understanding that the more complicated a system is, the more susceptible it is to mistakes and manipulation. Many auditing failures have occurred at complex institutions. MDBs too are no less complex. For example, use of derivatives and valuation models for investments is common. We borrow short and lend long, taking on significant interest rate risk. MDBs, which report as per IFRS, have another level of complexity.
The fourth and the final point concerns our self-regulated status. Being self -regulated has its pitfalls. MDBs are exposed to huge fiduciary and agency risks. IA needs to explore the best way to audit these risks and make sure self-regulation works. Line 2 and Line 3 need to step back and consider the big picture, as well as the overall patterns and trends to find answers.
Let me end by recalling the BP incident which also highlights the importance of communication. An investigation into the incident revealed that management failures had crippled the ability of individuals ‘to identify the risks they faced and to properly evaluate, communicate and address them.’
I believe communication is an area which probably needs some more work. Effective communication is necessary to get management and board attention to drive meaningful remediation. I have found that the US Government Accountability Office audit reports are a good example of how well-articulated and concise reporting can provide meaningful and actionable inputs, without losing nuances, to support decision-making. I personally like their ‘Fast Facts’.
Let me conclude here by again underlining the strategic importance of Internal Audit in moving towards ‘better, bolder and bigger’ aspirations. Internal audit is well-positioned to support this evolution with “advice, insight and foresight”. Thank you.
New Development Bank