I was quite surprised when people start calling me 'Haji Ahmad Fairuz' or sometimes in short 'Haji Fairuz'. At the age of 36, in those days, it's very rare when people called you 'Haji'. Usually, on average Muslims went for Hajj after age of 50 years old. However, this is what we usually say, 'Rezeki from Allah' who had chosen me and my wife to go fo Hajj this year. Alhamdulilah.



In internal audit, we were trained that every process as part of system shall have proper control that function to meet the objective of the process and mitigate any risk. However, we seldom look into the design of the process which sometimes are pin point of the problem. So, understand the purpose of system design is important to assess the effectiveness of the process.  

In today's world, system are moving away from traditional approach to a more what they called complex system. The design of the system are now more open, interconnected, autonomous and integrated. We are moving from centralized approach to distributed approach. Kindly find the link below.


So, why internal audit should worrying about this? What the heck is revenue assurance related to complex system? 

In my opinion, the more complex of a system, the more risks will be exposed. The vulnerability of open, integrated, interconnected and autonomous system have a bigger challenge  e.g. data privacy, integrity, fraud and many more. 

What is your opinion?

For a start, enjoy the youtube show.



Watch the video below. Interesting discussion on data sciences, differences between data sciences and statistics. Since my background is in software engineering, then there are advantages to learn all tools that used in data sciences, .e.g R, python. Do we need to be expert in statisticas (3 years of course) to become data scientist? Well, I don't believe in that. I believe, we can shall not stop learning, and shall continue to learn.  


In marriage, you never know either you will be happy all the time or not with your spouse. It's always risk and this type of risk is never can be translated into heatmap, scatter plot (prediction), histogram or what so ever. Because, it is human being who make the choice and every choice has a risk. I remember someone said, and can't remember where I got it, says that if life has no risk, then it is not a life.

Internal Audit (IA) too is about being able to identify risk to the company. It's all about risk. And for a company to move forward, the management has to take risk. If not, the company would not be able to grow. However, in order to move forward, proper control should be in place, in order to mitigate those potential risk that could impair the growing of the company. 

That's the reason they come out with terms GRC where Governance is for the company to streamline the management inspiration at all level in the company to meet it's objective, e.g integrity, authority,accountability; Risk is for the everyone in the company aware possible events that could give negative results to the company and Compliance is for everyone to adhere to the policies or procedures or processes that design by the management. 

But when we design policies or procedures or processes, do we know what is the whole objective? Seldom, we didn't take into consideration the high level objective when designing this. And it was because the whole objective sometimes was not communicate properly across all level from the management. Especially in a big company, where managing information and resources always has become the biggest hurdle to the management, all the time. 

So, thinking in the box is to understand the objective of what we do in office every day. Thinking deep in box is about knowing what value that we as an employee can contribute to the company. Box is refer to the company that we work with. 

Thinking out of the box, is not to understand but to learn about exploration, creativity, innovation and many more.