1.5 billion reasons to improve your interviewing skills

Microphone landscape

UBS, the giant Swiss banking corporation, has been fined the equivalent of USD 1.5 billion by supervisors in the US, UK and Switzerland in the latest (but far from the last) chapter of the LIBOR rigging scandal, said to involve investigations against more than a dozen major investment banks.  These fines dwarf earlier fines levied against Barclays concerning LIBOR returns. The details of the violations and findings of the FSA’s investigation are contained in a 38-page notice issued by the FSA today.  It makes for interesting and somewhat depressing reading.  However, one aspect deserves particular attention.

Under a section titled “the failures of UBS’ systems and controls,” the notice reports that, between January and May 2009, UBS’ Group Internal Audit undertook a limited-scope review of its short-term interest rate (STIR) desks.  Coming after Wall Street Journal articles in April & May 2008 which raised concerns about LIBOR, the review consisted of a walk-through of its procedures and review of exception reporting.  The report from this review “did not consider and contained no reference to UBS’s LIBOR submission process.”

Shortly after the internal audit review, following a “regulatory enquiry in June 2009,” UBS Legal and Compliance function “reviewed the procedures for the LIBOR submission process.”

The notice reports that, between 1 January 2005 to 31 December 2010, Group Internal Audit conducted a total of five reviews of “the STIR business and STIR trading activities.  None of these,” the notice observes, “considered the LIBOR . . . submission process.”

Reporting the story, the Guardian noted:

Five internal audits had failed to uncover the attempts to manipulate LIBOR.

As the Financial Times states:

The misbehaviour spanned three continents and was widely discussed on group emails and in internal chat forums, the FSA said. The compliance department failed to pick it up, despite making five audits of this part of the bank during the period.

However, as the Financial Times article notes:

The FSA [notice] says at least 45 traders, managers and senior managers were involved in, or aware of, the attempts and that investigators found at least 2,000 requests for improper submissions.

These reports are problematic for the assumption of effective operation of ‘three lines of defence,’ the assumption that internal audit forms a third line of defence against operational risk, non-compliance or malpractice following risk control (the second line) and business units’ own control and oversight (the first line).  They raise important questions:

(a) How could a well-resourced and professional group, as UBS’ internal audit function clearly is and was, miss such widespread violations? and

(b) what are the implications for other internal audit functions in financial services and elsewhere of these omissions?

The rather obvious and pedestrian answer is that, despite the WSJ attention in 2008 and the regulatory interest in 2009, UBS’ Group Internal Audit was not looking for such violations; LIBOR was not 'on its risk radar’.  And, despite extensive work on the relevant business unit, the short-term interest rate desk, they did not happen across the violations in the course of their routine testing work.

From an audit perspective, this represents serial failures in two key areas: audit planning and audit execution.

Planning first.  The UBS internal audit function was not looking broadly enough at sources of risk to identify the media and subsequent regulatory concerns.  The senior audit personnel planning the audit programme were not asking the right questions of the right people in the right way.  This represents a failure both of coordination between compliance, risk and audit functions and a failure to monitor and respond to emerging risks.

Secondly, executing the audits on the short-term interest rate (STIR) desk, the auditors were not asking the right people the right questions in the right way.  Had they been, they would probably have identified concerns about manipulation of LIBOR among the 45 people involved (of whom only a few were in STIR itself).  This represents a shortcoming in audit method and approach.

It is relatively safe to assume that UBS’ Group Internal Audit function was and is staffed by professionals who are both technically capable and experienced at what they do.  The shortcomings probably represent less a failure of those people to do properly what they understood to be their jobs than a failure to define properly what their jobs were.  Specifically, most internal auditors (and I say this as a former IIA national chapter president) are determinedly task-focused.  There are strong emphases on technical audit tasks and strong pressures for reliable execution of the audit plan; repeatability is important for evidence and auditing is, or should be, predominantly evidence-based and heavily data-focused.

However, task completion is not the ultimate objective of audit; that is provision of assurance over the effectiveness and efficiency of internal control to the audit committee of the board of directors and to senior executives; technical audit tasks are merely a means to an end.

When recruiting for a professional internal audit function, there is a heavy emphasis on ‘hard skills’ – technical skills in accounting or finance or engineering or IT or project management; the emphasis depends on the control focus of the role.  The behavioural and interpersonal skills required of auditors to do their jobs effectively – often erroneously referred to as ‘soft skills’ – are less emphasized; they are also less actively developed by training programmes for auditors.

The relative emphasis is unsurprising.  The IIA performance standards refer to information required to support audit findings:

Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement's objectives. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor.

Information as opinion gathered from interviews is not much prized: the global internal audit standards do not even refer to interviewing or interview skills (however standards of IIA Australia do and others may).

The reality is that the most valuable information and insight an auditor can obtain will often come through interviews. It is from interviews that we can really learn the nature of how the world works from the experience and perspective of the interview subject, rather than as it was designed or originally implemented; we can learn about the vital work-arounds and sources of uncertainty in a process.  Interviews are rich sources of information about reality.

Interviewing is an art that must be learned and it involves taking risks.  As US sociologist Joseph Hermanowicz notes:

Great interviewing is deceptively difficult, partly because it is an acquired ability that takes time to develop, partly because people often remain bound to conventional norms of behaviour while interviewing that precludes open access to the people interviewed.

Perhaps the clearest problem most technically-minded auditors face in interviewing is the nature of the experience they are attempting to access through interview.  Because they are focused on factual evidence, many auditors’ attention in interviews will focus on establishing facts.  Yet facts are not the stuff of great interviewing or of revelation.  At a deeper level of experience is the interview subject’s cognitive response to the facts, as they see them: that is, what they think about the facts.  Deeper still is the interview subject’s affective or emotional response to the facts and their cognition thereof: that is, how they feel about their version of the facts.  Seeking to understand that can unlock a more powerful and a richer dialogue between interviewer and interviewed.  It is through such dialogue that messy truths about process manipulation – LIBOR or otherwise – will emerge.

Thus, it is through engaging with interview subjects affectively that interviewing offers the greatest benefits.  This is where the richest information comes from.  Yet it takes skill to access and affective interviewing does not come naturally to left-brain-dominated auditors.

In a recent poll of a major financial services client with an experienced and competent audit team before a course on interviewing, fewer than 15% of the team reported that they considered interviewing a real strength; staggeringly, none reported that they got really rich information from interviewing and only a quarter reported ‘loving’ interviewing.  The ability to establish rapport with an interview subject is vital to gaining rich information; not loving it will reduce the interviewer’s predisposition to take risks – ask difficult questions well – and will block off the richest (and most efficient) source of insight available to the auditor.

Had the professionals in UBS’ Group Internal Audit function been more adept at interviewing – at engaging affectively with interview subjects – they may have relied more heavily on that technique for informing their engagements.  In doing so, they would have stood a far greater chance of unearthing the problems in the STIR desk and LIBOR submission process earlier and dealing with them more effectively, thus avoiding a large proportion of the $1.5 billion levied today in fines.  That is a lot of motivation.

. . . . . . . . . . . . .

Paradigm Risk will run a course on Enhanced Interview Skills in London on Thursday, 9 April 2013, priced at £725 + VAT (pay online £575 + VAT).  The course is focused on risk managers, compliance officers and internal auditors across industries.  To view, book and online, click here.

The Enhanced Interview Skills is part of a series of seminars on changes in risk and risk management (see here).  Other courses include:

Culture & risk culture • 17 April 2013 • £725 + VAT (pay online £575 + VAT)

Strategy, risk & uncertainty • 23 April 2013 • £725 + VAT (pay online £575 + VAT)

Risk in programmes & projects • 30 April 2013 • £725 + VAT (pay online £575 + VAT)

ERM: what's changed? [2 days] • 14 & 15 May 2013 • £1,125 + VAT (pay online £825 + VAT)

Risk appetite in corporate business • 22 May 2013 • £725 + VAT (pay online £575 + VAT)