By Jannies Burlingame
On December 9, 2020, the Institute of Internal Auditors, Los Angeles Chapter hosted a virtual holiday party, keynote speaker and panel discussion with our community partners: ISACA Los Angeles, Innovation Shipyard Alliance and ISC2 Los Angeles. These non-profit professional organizations have a combined history of over 130 years! The global audience comprised over 400 registered attendees including members from Rio de Janeiro, Canada, London and India. To get into the holiday spirit the leaders of each organization provided an entertaining summary of 2020 reflections set to the tune of “The Twelve Days of Christmas.”
The event kicked off with a dynamic keynote speaker, Ms. Traci Brown. Ms. Brown authored the field guide on “How to Detect Lies, Fraud and Identity Theft” and was named by Time Magazine as one of the nation’s top deception detection experts. Her presentation centered on the art of detecting lies through nonverbal and verbal cues. For example, even if the words spoken are different, individuals are “screaming the truth through their body language.” As part of her presentation, Ms. Brown engaged me in a game of “2 truths and 1 lie.” The audience was able to witness her techniques in action while being entertained by the lively illustration.
The theme of our panel discussion was “Describe your work situation when the pandemic occurred, and how are you reimagining the future as a result?”
Panelists and Moderators
- Ms. Stacey Schabel (SS), CAE for Jackson Retirement Services, North American Operations for Prudential
- Ms. Kimberly Allain (KA), Sr./AVP of HR Operations for Cal Poly Pomona
- Mr. Thomas Phelps (TP), CIO Laserfische, Adjunct Professor at University of Southern California
- Ms. Elena Ceja (EC), National Director of Business Continuity Management of Kaiser Permanente
- Ms. Debbie Lew (Moderator), SVP of Audit for Kaiser Permanente, President of ISACA LA
- Ms. Jannies Burlingame (Q&A Moderator), Chief Audit Executive and President, IIA Los Angeles
Panel Questions and Answers
What was your situation/challenge when Pandemic occurred? What was it like for your department?
(SS): Our Initial response was to get everyone working remotely. First order of business was to roll tools out to individuals, closely engage with business continuity management, and keep the team moving forward. Once the work force was on track, our focus quickly moved to the people—connecting and supporting people, making sure that there were clear expectations so they could feel successful. We looked at how organizational risks were impacted and worked with risk management and legal/compliance teams. Our time was focused on fraud prevention, disbursement and trading activities. Flexibility was critical and that needs to continue. Internal auditors changed 65–75% of the audit plan when normally they would change 25% from year to year.
What does the “new normal” look like?
(SS): As internal audit service providers, it will be largely determined by how the business will look and work. If the business is in-person, then we will perform in-person assessments. It will be important to consider the talents on your team. It has become more important to utilize RPA and AI. Agile auditing and Kanban have become more prevalent too, and many people see the value in these approaches.
From an HR perspective, what was happening when the pandemic hit? Was remote work set up?
(KA): In 2013, we did a pilot after which the idea of remote work was shut-down. Remote work became a reality in March of last year when the pandemic hit. That transition was immediate, and we developed remote work agreements quickly. We used to say: “we are working from home.” Now we say, “we live at work.” What it takes to be a great employee and a high performer is no longer the same. Some high performers could not adjust to being at home. The workplace needs to be a hybrid model in the future. We are learning a lot, we may not be sure what the future will look like, but we know it will not look the same.
When we first started remote, people realized that sometimes you do not have the luxury of working from 9 to 5. They started having managers focus on outcomes. Skillsets such as empathy, trust, compassion are deemed essential (not soft) skills by our president. When everyone went virtual, each manager created work plans and deliverables, and they found that you need to communicate more as a leader. Performance expectations were outlined in the remote work agreement.
When the pandemic hit, what was your company’s stance from a business continuity standpoint?
(TP): My role was the emergency preparedness leader. As Chief Information Officer, I was also leading the transformation team. We had performed a comprehensive risk assessment and identified critical processes. We also set two important plans in place: Business Continuity and Crisis Management. We must be agile. We cannot sit for hours and days debating what we need to do. Culture is the biggest impediment to change and technology adaption. Our decisions included determining what to do to support employees with kids, and who needed to be taken care of first. Our IT team scheduled hourly sessions with each employee to set up mobile hotspots and make sure they had access to critical networks. We reactivated all card key readers for security purposes. In early March, we tested remote work for a day, and the next day everyone came back to debrief. Then, everyone grabbed their work equipment and headed home.
Has there been an increase in security incidents?
(TP): Yes, hackers don’t rest. There was an uptick in phishing attacks, scams and charity scams. When employees work from home, you are expanding your security framework to their homes. We focused on only allowing access to areas that employees need. Security considerations are critical.
How do you reimagine the future?
(TP): I am an advocate of flexible work. An employee’s laptop should be the only office they need. We didn’t have a work-from-home culture before. Now, the executive teams are exploring it as an option long term.
How was your business continuity plan initiated during the pandemic? What was happening to the hospitals and command centers?
(EC): One of the first things we started seeing in hospitals were things that are “walking away.” Among the things that disappeared were masks, hand gels or anything that was not bolted down, even toilet paper. We had a dedicated team of business continuity professionals who determined priorities. One of the first priorities was vendor shortages. We needed to maintain the ability to manage supplies because we were competing with all healthcare providers (local, state and global levels). Kaiser had to centralize personal protective equipment, physically secure supplies, and stay in close contact with all resources. On February 22, 2020, our National Command Center was activated. All Kaiser hospitals activated their satellite command centers. My job was to standardize the message and ensure consistency of processes.
2020 has certainly been a challenging year for all of us. Pummeled but unbowed, internal audit and risk management professionals will continue to build our emotional resilience and welcome the new year, armed with the knowledge and strength gained from this paradigm shift.
Note to our Sponsors
We are grateful for our generous sponsors! Thanks to them we were able to use superior technology, maintain high quality programming and raffle off 20 great prizes, all of which added to the positive experience of our members!